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Oracle  Changes  Strategy, 
EmbBceslApp  Mtegration 


Midyear  upgrade  will  include  built-in  hooks 
to  homegrown  systems  and  rival  packages 


BY  MARC  L.  SONGINI 

SAN  DIEGO 

Oracle  Corp.  last  week  detailed 
changes  it’s  making  to  regain 
the  No.  2  spot  in  the  business 
applications  market,  including 
a  newfound  enthusiasm  for 
helping  IT  managers  tie  its 
software  to  other  systems. 

The  integration  push  is  a 
shift  in  strategy  for  Oracle, 


which  fell  behind  PeopleSoft 
Inc.  in  the  business  applica¬ 
tions  sales  race  when  People- 
Soft  bought  J.D.  Edwards  & 

Co.  last  summer.  Until  now, 
Oracle  officials  had  lobbied 
hard  to  convince  users  they 
should  install  monolithic  sys¬ 
tems  combining  the  compa¬ 
ny’s  database,  applications  and 
application  server  software. 


Emcor  Saves  on  Sarb-Ox 


Shuns  packaged  apps, 
builds  Notes  system 
for  Sarbanes-Oxley 

BY  THOMAS  HOFFMAN 

NORWALK.  CONN. 

Emcor  Group  Inc.  is  develop¬ 
ing  a  Notes-based  system  to 
track  its  Sarbanes-Oxley  com¬ 
pliance  —  a  low-cost  project 
that  it  chose  as  an  alternative 
to  a  potential  six-figure  invest¬ 
ment  in  commercial  software 
and  IT  consulting  services. 

Emcor,  a  $4  billion  company 
that  installs  mechanical  and 
electrical  systems  in  commer¬ 
cial  buildings  and  offers  a  vari¬ 
ety  of  facilities  outsourcing 
services,  plans  to  start  using 
the  Notes  system  in  test  mode 


at  some  of  its  operating  units 
next  month.  The  technology  is 
due  to  be  rolled  out  company¬ 
wide  by  year’s  end. 

Emcor  executives  last  week 
said  they  decided  to  take  a 
“build”  rather  than  a  “buy”  ap¬ 
proach  after  evaluating  during 
Emcor,  page  41 


CIO  ,ili  i 'ucilisi  says  the  new 
system  will  cost  significantly  less 
th  t  buying  off-the-shelf  software. 


But  at  the 
vendor’s  Apps- 
World  confer¬ 
ence  here,  Ora¬ 
cle  previewed  a 
planned  upgrade 
of  its  E-Business 
Suite  lli  applications  that  will 
include  enhancements  de¬ 
signed  to  simplify  integration 
with  homegrown  and  third- 
party  software.  It  also  released 
a  set  of  tools  that  can  be  used 
to  pull  customer  data  from  lli 
and  other  systems  into  a  sin¬ 
gle  repository. 

Oracle  CEO  Larry  Ellison 
downplayed  the  idea  that  his 
company  is  shifting  its  stance 
Oracle,  page  41 


Users  Unhurt 
ByMydoom 

But  spread  did  show 
antivirus  limitations 


BY  JAIKUMAR  VIJAYAN 

Companies  that  followed 
long-recommended  e-mail  se¬ 
curity  practices  had  little  to 
fear  from  Mydoom’s  on¬ 
slaught  last  week.  But  the 
speed  at  which  the  e-mail- 
borne  virus  spread  highlight¬ 
ed  the  limitations  of  current 
antivirus  methodologies, 
users  and  analyst  said. 

Mydoom,  also  known  as 
Shimgapi  and  Novarg,  started 
spreading  last  Monday  as  an 
e-mail  attachment  with  vari¬ 
ous  names  and  extensions, 
including  .exe,  .scr,  .zip  and 
.pif.  When  executed,  the  virus 
sends  copies  of  itself  to  other 
e-mail  addresses  stored  in 

Mydoom,  page  12 


1. 


a  higher  plane 
of  communication 


WHEN  TAKING  YOUR  COMPANY  on  the  IP  telephony 

road,  the  right  traveling  companion  is  essential. 

Avaya  Global  Services  will  not  only  get  you  going  in 

the  right  direction,  but  we’ll  guide  you  the  whole 

way.  For  starters,  we  develop  a  comprehensive 

network  plan  that  includes  a  multivendor, 

multitechnology  IP  readiness  assessment. 

This  tells  us  what  we  need  to  know  to  help 

you  avoid  surprises  during  implementation  and 

maximize  security.  We’ll  get  you  up  and  running 

easily  and  seamlessly.  And  you  can  continue  to 

count  on  Avaya  Global  Services  to  manage  and 

constantly  monitor  your  entire  network,  using 

EXPERT  Systems'"  Diagnostic  Tools,  for  example, 

that  remotely  resolve  96%  of  all  system  alarms* 

Go  with  Avaya,  and  your  competitors  will  be 

eating  your  dust.  Visit  www.avaya.com/sidecar 

or  call  866-GO  AVAYA. 

IP  Telephony 

Contact  Centers 

Unified  Communication 

With 

AVAYA  GLOBAL  SERVICES 


at  your  side,  migration  to  IP  telephony  ean  be  a 

SM0000TH  RIDE. 


'Alarms  on  Avaya  OEFINITY  Systems  and  later  releases  ot  Avaya  teleptiony  software.  ©  2004,  Avaya  Inc.  AJf  flights  Reserved  Avaya.  the  Avaya  Logo,  arxi  all  tmaomarKs  tjy  T  ?■  :  ■'":i  1  • 

Avaya  Inc  ano  may  be  registered  In  OKWrn  jurisdictions.  All  ofner  trademarks  am  the  property  ot  their  ^sportive  owt  s. 


Thankfully  that  cost  is  low  with  the  new  Firebox*  X  -  the 
integrated,  expandable  network  security  appliance  that  delivers 
the  highest  security  at  the  lowest  total  cost  of  ownership. 


WatchGuard 

Fireboxx 


©Copyright  2004.  WatchGuard  Technologies,  Inc.  All  rights  reserved.  WatchGuard,  The  Security  Vou  Really  Need  and  Firebox  are  either 
registered  trademarks  or  trademarks  of  WatchGuard  Technologies,  Inc.  and/or  its  subsidiaries  in  the  United  States  and/or  other  countries. 


lAIC 

The  Security  You  Really  Need.™  WatchGuard^Jj 


FREE  NETWORK 
SECURITY  GUIDE 


11  Reality  Checks  to 
Help  the  CEO  ' CYA ’ 


Get  yours  by  visiting  www.watchguard.com/cwcya 
or  by  calling  1-877-732-8780. 


B2B  Survivors 

In  the  Management  section:  The  few  online  ex¬ 
changes  that  survived  the  dot-com  disaster  were 
industry  consortia  with  patient,  deep-pocketed 
members.  Now  these  supporters  are  pressuring 
the  exchanges  to  stop  being  cost  centers.  Page  27 


App-Layer  Battleground 

In  the  Technology  section:  WebCohort  CEO 
Shlomo  Kramer  says  application-layer  attacks 
are  an  increasingly  serious  problem.  He  cites 
the  security  vulnerabilities  he  encountered  in 
some  300  penetration  tests  as  proof.  Page  22 
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6  The  DHS  draws  criticism 
from  private  sector  reps  for 
making  cybersecurity  alert 
plans  without  them. 

6  Microsoft  encourages  NT  4 

Server  users  to  migrate  to 
newer  versions  of  Windows, 
offering  tools,  labs  and  dis¬ 
counted  training. 

7  Alaska  Airlines  tires  of  wait¬ 
ing  for  Sabre  to  migrate  off 
aging  mainframes  and  shifts 
to  a  Linux-based  online  fare¬ 
searching  system. 

7  EDS  hopes  a  team  of  former 
CIOs  will  help  it  compete  in 
delivering  business-transfor¬ 
mation  services. 

8  The  Eclipse  development 
framework  created  by  IBM 
gains  an  independent,  non¬ 
profit  oversight  organization. 

10  IBM  releases  a  high-end 

NAS  gateway  device  to  link 
file  servers  to  SANs. 

10  NASA  develops  a  SAN  to 

store  and  back  up  data  from 
two  Mars  rovers. 

11  Some  Lotus  users  are  wary 
of  IBM’s  new  Workplace 
direction. 

13  The  TVA  is  installing  a  hosted 
system  to  manage  the  hiring 
of  its  IT  contractors  and  other 
temporary  workers. 

13  Microsoft  adds  report  author¬ 
ing  and  distribution  functions 
to  its  SQL  Server  database, 
but  users  may  still  need  third- 
party  tools  to  create  reports. 


19  Toxic  Legacy.  The  costs  of 
disposing  of  outdated  IT 
equipment  are  rising  —  and 
so  are  the  liability  risks  for 
companies  that  don’t  get  rid 
of  e-waste  properly. 

23  QuickStudy:  ETL.  Extract, 
transform  and  load  software 
enables  companies  to  move 
data  from  multiple  sources 
and  then  reformat  and  cleanse 
it  before  loading  it  into  anoth¬ 
er  repository  or  operational 
system. 

24  Security  Manager’s  Journal: 
Developer  Tool  Kit  Raises 
Backdoor  Alarms.  When 
antivirus  software  detects 
backdoor  code  embedded  in 
critical  applications,  Vince 
Tuesday  tracks  the  source  to 
a  development  tool  kit. 

MANAGEMENT 

29  Dual  Curses.  Two  scourges  — 
viruses  and  spam  —  are  the 
most  vexing  e-mail  issues  for 
CIOs,  according  to  a  survey 
conducted  by  Ferris  Research 
and  Computer-world.  And  reg¬ 
ulatory  compliance  isn’t  far 
behind. 

30  A  Tough  Sell.  Multimillion- 
dollar  medical  imaging  sys¬ 
tems  are  hard  to  sell  to  cash- 
strapped  hospitals,  but  some 
users  say  they’ve  seen  definite 
benefits. 

32  Think  Tank:  Brain  Food  for  IT 

Executives.  Who  should  be  in 
charge  of  business/IT  align¬ 
ment?  It’s  the  CEO,  not  the 
CIO,  argues  Gopal  Kapur. 


8  On  the  Mark:  Mark  Hall  has 

dinner  with  some  chief  infor¬ 
mation  security  officers  and 
listens  to  a  few  of  their  pet 
peeves  about  security  vendors 
and  outsourcing. 

14  Maryfran  Johnson  suggests 
that  companies  stop  filling 
their  basements  with  obsolete 
technology  and  start  planning 
IT  recycling  programs. 

14  Pimm  Fox  hopes  Google  leads 
the  march  away  from  depend¬ 
ing  on  big  Wall  Street  firms  to 
play  in  the  IPO  market. 

15  Michael  Gartenberg  argues 
that  consumer  technology 

is  rampant  inside  companies 
and  warns  that  you  need  to 
embrace  and  manage  it. 

25  Paul  A.  Strassmann  says  that 
for  all  its  cost  savings,  out¬ 
sourcing  can  signal  trouble 
for  the  companies  doing  it. 

34  Paul  Glen  says  changing 
organizational  behavior,  like 
breaking  a  bad  habit,  requires 
small  steps,  visible  signs  of 
progress  and  patience. 

42  Frankly  Speaking:  Frank 
Hayes  thinks  it’s  pretty  simple 
to  know  what  users  want  from 
IT.  It’s  probably  the  same  as 
what  you  want  for  them. 
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QuickPoll  Results 
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What  operating  system 
is  most  secure? 


Note:  Percentages  don't  add  up  to  100  due  to  rounding. 

©  Take  this  week’s  QuickPoll  at  www.computerworld.com. 
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Mainframe’s  Midlife  Crisis 

It’s  time  for  companies  to  rethink  how  they 
secure  the  mainframe,  writes  Rob  van  Hobo¬ 
ken,  founder  of  Consul  Risk  Management. 
He  offers  tips  on  keeping  their  data  safe. 

O  QuickLink  43510 


City-Net:  The  Future  of  Wireless 

MOBILE/WIRELESS:  Imagine  a  wireless  mesh¬ 
ing  network  that  connects  emergency  work¬ 
ers,  traffic  signals,  public  transit  vehicles, 
information  kiosks,  video  cameras  and  other 
city  resources.  ©  QuickLink  44370 

Blogosphere 

Don’t  miss  our  editors’  weblogs  on  security, 
IT  careers,  operating  systems,  mobile/wire¬ 
less  and  more.  ©  QuickLink  a4000 

What’s  a  QuickLink? 

Throughout  each  issue  of 
Computerworld,  you'll 
see  five-digit  QuickLink  codes 
pointing  to  related  content  on 
our  Web  site.  Also,  at  the  end  of 
each  story,  a  QuickLink  to  that 
story  online  facilitates  sharing  it 
with  colleagues.  Just  enter  any 
of  those  codes  into  the  Quick- 
Link  box.  which  is  at  the  top  of 
every  page  on  our  site. 
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New  DHS  Cyber  Alert 
System  Draws  Friendly  Fire 

Private-sector  organizations  say  they 
were  left  out  of  the  loop  in  planning 


AT  DEADLINE 


University  Hit  by 
Network  Intrusion 

The  University  of  Georgia  said  the 
FBI  and  state  law  enforcement  of¬ 
ficials  are  investigating  a  server 
break-in  that  may  have  exposed 
the  personal  data  of  31,000  stu¬ 
dents  and  applicants.  An  internal 
probe  showed  that  the  intruders 
also  used  the  school’s  network  to 
scan  the  Internet  for  other  sys¬ 
tems  to  attack.  The  Athens-based 
university  said  it  took  the  compro¬ 
mised  server  off-line  on  Jan.  20. 


Microsoft  Delays 
Browser  Changes... 

Microsoft  Corp.  said  it  has  put  on 
hold  a  plan  to  modify  Windows 
and  its  Internet  Explorer  Web 
browser  in  response  to  a  ruling  in 
a  patent-infringement  lawsuit  filed 
by  Eolas  Technologies  Inc.  and  the 
University  of  California.  Microsoft 
announced  the  plan  in  October  but 
now  intends  to  appeal  the  decision 
and  is  awaiting  a  ruling  by  U.S.  of¬ 
ficials  on  the  patent’s  validity. 


...But  Updates  IE 
To  Block  Phishing 

Separately,  Microsoft  said  it  will 
modify  Internet  Explorer  in  an  ef¬ 
fort  to  block  e-mail  “phishing” 
scams  that  try  to  convince  PC 
users  to  go  to  spoofed  Web  sites 
and  disclose  personal  data.  The 
company  is  developing  an  update 
that  will  prevent  IE  from  accepting 
URLs  that  use  the  @  symbol  to  hide 
the  true  addresses  of  Web  pages. 


Short  Takes 

DEUTSCHE  BANK  AG  said  it  has 
agreed  to  outsource  its  worldwide 
purchasing  and  accounts-payable 
operations  to  ACCENTURE  LTD., 
which  will  provide  new  procure¬ 
ment  systems  as  part  of  the  deal. 
Financial  terms  weren’t  disclosed. 
. . .  PEOPLESOFT  INC.  reported  a 
$17.4  million  profit  on  revenue  of 
$685.2  million  for  last  year’s 
fourth  quarter,  the  first  full  quar¬ 
ter  since  it  bought  J.D.  Edwards 
&  Co.  Sales  of  new  software  li¬ 
censes  totaled  $185.4  million. 


BY  DAN  VERTON 

WASHINGTON 

The  leaders  of  the 
security  information 
sharing  organiza¬ 
tions  within  two  of 
the  nation’s  critical-infrastruc¬ 
ture  sectors  are  criticizing  the 
U.S.  Department  of  Homeland 
Security  for  announcing  a  new 
cyber  alert  system  without 
better  framing  the  role  of  the 
private  sector. 

In  interviews  with  Comput- 
erworld  last  week,  senior  offi¬ 
cials  from  the  Information 
Sharing  and  Analysis  Centers 
(ISAC)  within  the  IT  and  fi¬ 
nancial  services  industries 
said  they  learned  of  the  new 
DHS  National  Cyber  Alert 
System  from  media  reports 
that  appeared  shortly  after  the 
announcement  was  made  last 
Wednesday  [QuickLink 
44367].  The  officials  said  they 
have  little  or  no  idea  what,  if 
any,  new  capabilities  the  alert 
system  offers,  what’s  expected 
of  the  ISACs  or  how  the  pri¬ 
vate  sector  is  supposed  to  in¬ 
tegrate  and  coordinate  with 
the  DHS  on  the  alerts. 

At  Odds 

“The  government  wanted  to 
know  how  it  could  get  [securi¬ 
ty  information]  to  everybody, 
but  it  didn’t  ask  us  how  we 
could  do  that,”  said  Pete  Allor, 
operations  director  for  the  IT 
sector’s  ISAC. 

Amit  Yoran,  director  of  the 
DHS’s  National  Cyber  Securi¬ 
ty  Division,  said  the  new  alert 
system  “will  integrate  very 
closely  with  ISAC  functions, 
[and  alerts]  will  be  provided 
to  the  ISACs  and  in  many  cas¬ 
es  coordinated  with  the  ISACs 


BIOSURVEILLANCE 

Bush's  budget  for  2005  allocates  $274  mil¬ 
lion  for  an  antibioterrorism  program: 

QuickLink  44418 
www.computerworld.com 


in  advance.”  That  integration 
will  be  made  possible  by  the 
U.S.  Computer  Emergency 
Readiness  Team,  he  said. 

That  was  news  to  Suzanne 
Gorman,  chairman  of  the  fi¬ 
nancial  services  sector’s  ISAC, 
who  said  she  and  others  were 
never  briefed  on  what  capabil¬ 
ities  the  US-CERT  operation 
provides. 

“We  talk  about  partnerships, 
but  it  would  have  been  really 
nice  if  they  had  a  conversation 
with  us  ahead  of  making  this 
announcement,”  said  Gorman. 
“The  way  they  did  this  was 
poor,  to  say  the  least.” 

In  response,  Yoran  said  that 


the  DHS  did  in  fact  conduct 
discussions  with  the  various 
ISACs  on  what  the  depart¬ 
ment  could  do  to  increase 
awareness  and  that  the  level  of 
interaction  will  increase  as  the 
system  matures. 

However,  Yoran  said,  the 
goal  of  the  new  system  is  to 
give  “all  users  of  cyberspace 
the  information  they  need  to 
protect  themselves.”  He  noted 
that  the  DHS  alert  system 
doesn’t  provide  any  sector- 
specific  information.  Instead, 
it  offers  a  national-level  view, 
which  “even  all  of  the  ISACs 
don’t  cover,”  Yoran  said. 

Despite  the  agency’s  char¬ 
acterization  of  the  new  sys¬ 
tem  as  “a  fundamental  build¬ 
ing  block  of  the  public/pri¬ 
vate  partnership,”  both  Allor 


MWe  talk  about 
partnerships, 
but  it  would  have 
been  really  nice 
if  they  had  a  con¬ 
versation  with  us 
ahead  of  making 
this  announcement. 


SUZANNE  GORMAN.  CHAIRMAN. 
FINANCIAL  SERVICES  SECTOR  ISAC 

and  Gorman  said  it  seems 
to  be  geared  more  toward 
home  users  and  the  small- 
business  community  than  to¬ 
ward  the  midsize  and  large 
companies  that  make  up  the 
bulk  of  the  nation’s  critical 
infrastructure. 

From  a  critical-infrastruc¬ 
ture  protection  perspective, 
“I’m  not  clear  on  how  this  is 
going  to  work,”  said  Gorman. 
“There  seems  to  be  a  lot  of  du¬ 
plication  of  effort.”  ©  44425 


Microsoft  Aims  to  Prevent 
NT  Users’  Shift  to  Linux 


BY  CAROL  SLIWA 

Support  for  Windows  NT  Server  4.0 
is  due  to  cease  at  year's  end,  but  the 
many  users  of  the  aging  Microsoft 
Corp.  operating  system  will  find  plen¬ 
ty  of  options  as  they  plot 
their  migration  strategies. 

IBM  two  weeks  ago 
said  it  would  offer  free  mi¬ 
gration  classes  and  some 
discounts  on  software  and 
services  for  those  who  opt 
to  move  from  Microsoft 
products  to  IBM  enterprise 
software  running  on  Linux 
[QuickLink  44175]. 

Not  to  be  outmarketed,  Microsoft 
last  week  promoted  its  improved  mi¬ 
gration  tools,  prescriptive  guidance, 
discounted  training,  a  freely  avail¬ 
able  “online  concierge"  and  other 
services. 

In  an  interview  last  week,  Jim 
Hebert,  general  manager  of  the 
Windows  Server  product  manage¬ 
ment  group,  discussed  the  migration 
issue.  Excerpts  follow: 


What  did  you  think  of  IBM’s 
program  to  entice  Windows  NT 
users  to  Linux?  We  don’t  know 
much  more  about  what  they’re  doing 
than  what  we  read  in  the  papers,  but 
from  the  short  list  of  what 
they  said  that  they  were 
going  to  be  offering  cus¬ 
tomers,  we  actually  felt 
pretty  good  because  we’ve 
been  offering  those  same 
opportunities  to  customers 
for  about  24  months  now. 
So  a  short  version  of  what 
we  think  about  this  is  imi¬ 
tation  is  the  most  sincere 
form  of  flattery. 

Linux  is  drawing  much  more 
attention  today.  Will  Microsoft 
need  to  do  more?  We  are  doing 
more. . . .  We’ve  been  continuing  to 
invest  in  our  tools  and  making  sure 
that  we’ve  got  partners.  And  the 
most  important  thing  for  most  of  c 
:omers  when  they're  thinking 
potentially  moving  platfo 


whether  the  software  they  need  to 
run  their  business,  not  just  the  oper¬ 
ating  system,  is  available  to  them  on 
that  platform.  We’ve  made  huge  in¬ 
vestments  over  the  years  to  build  the 
largest  ecosystem  of  software  avail¬ 
able  for  any  platform  that  I  know  of. 

How  many  users  are  still  on 
Windows  NT  Server  4.0?  There 

are  parts  of  our  business  that  we 
don’t  talk  about  publicly,  and  this  is 
one  of  them. 

Are  more  NT  users  moving  to 
Windows  2000  or  Windows 
Server  2003?  We  see  customers 
who  already  were  halfway  through 
an  upgrade  from  NT  4  to  Windows 
2000  continuing  on  that  front,  and 
we’re  not  going  to  ask  them  to  start  a 
new  evaluation  of  running  Windows 
Server  2003  and  a  Windows  2k  en- 
iment  at  the  same  time.  Either 
those  operating  systems  pro¬ 
significant  benefits  to  an  NT  4 
ito 

!  any  chance  that  sup- 
NT  Server  wl  be  ex- 
I  beyond  the  end  of  the 
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Alaska  Airlines  Switches  to 
Linux-based  Fare  Searching 


Stays  with  Sabre  for  reservations  but 
decides  not  to  wait  for  other  functions 


BY  DAN  VERTON 

Alaska  Airlines  last  week  said 
it  has  completed  the  migration 
of  its  online  travel  planning 
and  pricing  engine  to  an  Intel- 
based  system  running  Linus. 

The  move  represents  a  shift 
of  some  functions  away  from 
the  mainframe-based  system 
provided  by  Southlake,  Texas- 
based  Sabre  Holdings  Corp., 
said  Steve  Jarvis,  vice  presi¬ 
dent  of  e-commerce  and  dis¬ 
tribution  at  Seattle-based 
Alaska  Airlines. 

In  September  2001,  Sabre 
announced  plans  to  migrate 
off  the  aging  IBM  mainframe 
system  to  one  based  on  fault- 
tolerant  servers  from  Compaq 
Computer  Corp.,  now  part  of 
Hewlett-Packard  Co.  [Quick- 
Link  23032].  Sabre  had  said  it 
would  take  at  least  three  years 
to  complete  the  migration.  But 
that  wasn’t  good  enough  for 
Jarvis,  who  decided  to  move 
the  itinerary-planning  and 
fare-searching  functions  to  the 
Linux-based  QPX  system  de¬ 
veloped  by  ITA  Software  Inc. 
in  Cambridge,  Mass. 

“We  couldn’t  wait  on  Sabre,” 
he  said.  “ITA’s  algorithms  are 
widely  regarded  as  the  best  in 
the  industry,  and  we  needed 
to  move.” 

Facing  the  Competition 

Kathryn  Hayden,  a  spokes¬ 
woman  for  Sabre,  acknowl¬ 
edged  Alaska’s  move  to  ITA 
for  Web  pricing  functionality 
but  said  the  company  recent¬ 
ly  renewed  its  contract  with 
Sabre  for  reservations  and  de¬ 
parture  control. 

Sabre  has  been  migrating 
airlines  to  its  new  system 
since  the  end  of  last  year,  and 
the  effort  “has  gone  very  suc¬ 
cessfully,”  said  Hayden.  She 
said  Sabre  isn’t  concerned 
about  airlines  moving  to  ITA; 
just  last  week  Sabre  intro¬ 
duced  a  component-based  of¬ 
fering  called  SabreSonic  that 


includes  modules  for  reserva¬ 
tions,  check-in,  ticketing,  in¬ 
ventory,  shopping  and  pricing, 
and  a  Web-based  booking  tool. 

Jarvis  said  that  while  Alaska 
Airlines  expects  the  ITA  soft- 
wTare  to  reduce  costs  com¬ 
pared  with  Sabre,  the  real  dri¬ 
ver  for  the  shift  was  that  ITA’s 
technology  will  enable  the  air¬ 
line  to  make  its  Web  site  more 
of  a  revenue  generator.  “We 
plan  to  grow  our  [online]  rev¬ 
enue  to  $1  billion  by  2005,” 
said  Jarvis.  The  airline  cur- 


Strategy  focuses 
on  rivals,  business 
transformation 

BY  PATRICK  THIBODEAU 

PLANO. TEXAS 

After  a  rough  year  of  layoffs, 
lawsuits  and  lackluster  rev¬ 
enue,  Electronic  Data  Systems 
Corp.  officials  claimed  last 
week  that  the  worst  is  behind 
them.  Now  they  plan  to  grow 
the  company  by  offering  busi¬ 
ness  transformation  services 
led  by  a  management  team 
made  up  of  ex-CIOs. 

In  adopting  a  strategy  that 
goes  beyond  providing  ser¬ 
vices  for  companies  that  want 
to  outsource  their  IT  opera¬ 
tions,  EDS  aims  to  more  di¬ 
rectly  challenge  IBM  and 
Hewlett-Packard  Co.,  which 
are  taking  similar  business- 
transformation  approaches. 

At  an  analyst  meeting  here 
last  week,  EDS  officials  said 
the  company’s  strengths  lie  in 
its  emphasis  on  open  stan¬ 
dards,  depth  of  technical  ex¬ 
pertise  and  relatively  agnostic 
approach  to  technology  com¬ 
pared  with  IBM  and  HP. 


rently  earns  30%  of  its  S600 
million  in  passenger  revenue 
through  its  Web  site. 

QPX  uses  XML  technology 
and  a  component-based  archi¬ 
tecture  that  scales  linearly, 
said  Jeremy  Wertheimer,  ITA’s 
founder  and  CEO.  “It  process¬ 
es  and  confirms  availability 
for  [trip]  pricing  in  less  than 
one-tenth  of  a  second”  by  run¬ 
ning  algorithms  that  more  effi¬ 
ciently  analyze  airfares  and 
routing  options,  he  said. 

“This  is  a  huge  improvement 
in  the  number  of  itineraries  we 
can  process,”  said  Jarvis.  When 
Alaska  Airlines  was  using  the 
mainframe-based  Sabre  sys- 


An  executive  at  Canadian 
Imperial  Bank  of  Commerce 
in  Toronto,  which  outsources 
its  human  resources  opera¬ 
tions  to  EDS,  said  she  found 
the  new  direction  reassuring. 

It  offers  “much  more  clarity 
as  to  where  we  fit  as  a  [busi¬ 
ness  process  outsourcer]  in 
their  strategic  direction,”  said 
Joyce  Phillips,  execu¬ 
tive  vice  president  of 
human  resources  at 
CIBC.  “That’s  what  I 
want  to  hear.” 

Analysts  said  EDS 
needed  to  change  to 
keep  pace  with  com¬ 
petitors. 

“I  think  they  are 
trying  to  rationalize 
their  broad  range  of 
offerings,”  said  John 
McCarthy,  an  analyst 
at  Stamford,  Conn.- 
based  Gartner  Inc.  “Every¬ 
body  is  coming  out  of  this 
slowdown  in  IT  trying  to  fig¬ 
ure  out.  How  do  we  reinvigo¬ 
rate  ourselves?  What’s  our  val¬ 
ue  proposition?” 

EDS  CEO  Mike  Jordan,  who 
assumed  that  position  last 
year,  said  he’s  counting  on  a 


tem,  it  often  had  to  make  more 
than  40  different  data  requests 
to  produce  one  screen  of  itin¬ 
erary  options.  “Now  we  do  it 
all  with  one  trip  to  the  data 
source,”  Jarvis  said. 

Changes  that  enabled  the 
airline  to  customize  end  users’ 
online  experience  have  re¬ 


new  management  team  to  im¬ 
prove  customer  relationships. 
It  counts  the  following  among 
its  members: 

■  Charlie  Feld,  former  CIO 
at  Frito-Lay  Inc.,  who  became 
executive  vice  president  of  EDS 
portfolio  management  after 
EDS  bought  Feld’s  consulting 
firm,  The  Feld  Group,  last 
month. 

■  Steve  Schuckenbrock, 
who  also  worked  at  The  Feld 
Group  and  was  previously  a 
senior  vice  president  of  IT  at 
PepsiCo  Inc.  Schuckenbrock  is 

now  executive  vice 
president  for  global 
sales  and  client  solu¬ 
tions  at  EDS. 

■  David  Clementz, 
former  CIO  and  pres¬ 
ident  of  Chevron- 
Texaco  Information 
Technology  Co.,  who 
is  now  executive  vice 
president  for  sendee 
delivery  at  EDS. 

Based  on  the  be¬ 
lief  that  customers 
want  to  narrow  the 
breadth  of  technologies  in 
their  IT  operations,  EDS  said 
it  intends  to  develop  deeper 
relationships  with  a  smaller 
number  of  technology  vendors 
and  have  more  of  a  “bias”  to¬ 
ward  certain  products  in  its 
customer  recommendations. 

“By  tightening  alliances 


mained  invisible,  and  that’s  an 
important  lesson  for  anybody 
thinking  about  a  similar  pro¬ 
ject,  he  said.  “Don’t  try  to  em¬ 
bed  an  entirely  new  user  ex¬ 
perience  with  a  platform 
change,”  Jarvis  said,  noting 
that  that  can  confuse  users  and 
drive  them  away.  ©  44428 


with  the  Suns  and  Dells  . . . 
we’re  trying  to  get  a  much  bet¬ 
ter  look . . .  into  what’s  coming 
three  or  five  years  down  the 
road,”  said  Schuckenbrock. 
EDS  officials  also  noted  that 
they  want  a  deeper  relation¬ 
ship  with  Microsoft  Corp. 

In  addition,  EDS  wall  work 
to  deliver  customer-centric 
systems  that  are  “made  out  of 
reusable  parts,”  an  approach 
EDS  hasn’t  taken  in  the  past, 
said  Feld.  For  instance,  one 
customer  may  use  an  ERP  sys¬ 
tem  from  PeopleSoft  Inc.,  and 
another  may  be  an  SAP  AG 
user.  But  both  might  be  able  to 
use  the  same  business  intelli¬ 
gence  layer  and  Web  front  end. 

EDS  in  October  announced 
plans  to  cut  2,500  jobs,  bring¬ 
ing  last  year’s  total  layoffs  to 
5,200,  or  about  4%  of  its  work¬ 
force  of  135,000  [QuickLink 
42473].  At  that  time,  EDS  post¬ 
ed  a  net  loss  of  $600,000  for 
its  third  quarter,  while  rev¬ 
enue  rose  6%  to  $5.24  billion. 

The  company  is  also  facing 
a  class-action  shareholder 
lawsuit  alleging  that  two  for¬ 
mer  top  executives  knowingly 
misrepresented  company 
earnings  and  the  health  of  the 
multibillion-dollar  Navy/Ma¬ 
rine  Corps  Intranet  contract 
[QuickLink  44087],  EDS  offi¬ 
cials  declined  to  discuss  the 
contract  last  week.  ©  44405 


EDS  Pins  Hopes  on 
Team  of  Ex-CIOs 


i 

FELD:  EDS 
wants  to  deliver 
customer-centric 
systems  that  are 
“made  out  of 
reusable  parts.” 
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Siemens  Seeks  to 
Lower  IT  Spending 

Siemens  AG  has  launched  a 
technology  consolidation  pro¬ 
gram  in  a  bid  to  cut  its  $4.7  bil¬ 
lion  IT  budget  by  more  than  20% 
over  the  next  three  years.  Ed- 
mundo  Ruiz,  vice  president  of 
the  corporate  information  and 
operations  groups,  told  the  IDG 
News  Service  that  Siemens 
wants  to  lower  the  number  of 
applications  and  devices  used  in 
its  worldwide  operations. 


SAP  Offers  Deals 
On  P/3  Upgrades 

SAP  AG  is  offering  pricing  dis¬ 
counts  to  entice  R/3  users  to  up¬ 
grade  to  the  latest  release  of  its 
ERP  software.  The  company  said 
users  can  apply  up  to  75%  of 
the  price  they  paid  for  their  cur¬ 
rent  releases  against  the  cost  of 
a  mySAP  ERP  license.  It  also 
dropped  R/3  from  its  price  list  at 
the  start  of  the  year  and  plans  to 
end  mainstream  support  ser¬ 
vices  for  the  software  by  2009. 


Sun  Preps  Java 
Desktop  Release 

Sun  Microsystems  Inc.  said  it 
plans  by  midyear  to  release  the 
second  version  of  its  Java  Desk¬ 
top  System  software,  with  addi¬ 
tional  tools  for  centrally  manag¬ 
ing  client  systems.  But  the  up¬ 
grade  will  cost  more.  Sun  now 
sells  the  software  at  a  promo¬ 
tional  price  of  $50  per  user  an¬ 
nually  but  said  the  upgrade  will 
cost  $100  per  user. 


Microsoft  Updates 
Word  to  Fix  Bugs 

Microsoft  Corp.  released  an  up¬ 
date  of  Word  2003  in  an  effort 
to  fix  several  bugs  in  the  word 
processing  software,  which  be¬ 
came  available  in  October.  One 
of  the  most  serious  glitches  can 
cause  Word  2003  to  freeze  or 
crash  when  users  are  working  on 
documents  that  contain  OLE  ob¬ 
jects,  Microsoft  said. 
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Vendor  Conflicts  Bug 
Security  Chiefs . . . 

. . .  who  believe  that  incompatibility  among  security  products  impedes  their 
efforts  to  lock  down  their  systems.  Vendors  “need  to  open  up  their  se¬ 
curity  model,  so  companies  can  apply  the  product  to  their  own  securi¬ 
ty  needs,”  argues  Allen  Kerr,  vice  president  of  IT  infrastructure  and 
information  security  at  Premera  Blue  Cross  in  Mountlake  Terrace, 
Wash.  Kerr  points  to  vendors  that  claim,  for  example,  that  a  product  is 


compliant  with  the  Health  Insurance 
Portability  and  Accountability  Act,  which 
is  good.  But  that  doesn’t  help  him  when 
he  needs  to  extend  the  product  to  be 
compliant  with  patient  health  informa¬ 
tion  strictures  set  by  individual  states.  “I 
say,  open  up  the  security  model  so  I  can 
be  compliant  across  the  board,”  he  con¬ 
cludes.  Phil  Attfield,  an  IT  security  con¬ 
sultant  in  Fall  City,  Wash.,  agrees.  “Secu¬ 
rity  is  infrastructure  now,”  he  says,  “and 
it  needs  to  have  policy  enforcement  stan¬ 
dards  set  across  the  board.”  Unless  vendors 
open  up  their  APIs,  that’s  not  possible.  Ron 
Moritz,  chief  security  strategist  at  Com¬ 
puter  Associates  International  Inc., 
acknowledges  the  prob¬ 
lem  and  says  it  will  take 
until  2006-07  for  the  ap¬ 
plication  programming  in¬ 
terfaces  in  CA’s  eTrust  se¬ 
curity  applications  to  be 
available  to  users  for  cus¬ 
tomization.  ■  Another 
brewing  security  issue 
that  worries  Kerr  and  oth¬ 
er  corporate  information  se¬ 
curity  heads  who  were  at  a 
CA-sponsored  dinner  at 
Safeco  Field  in  Seattle  last 
week  is  outsourcing. 

“What  people  worry  about 
is  securing  the  transmis¬ 


sion  of  data,”  he  says.  “But  that’s  the  sim¬ 
plest  part.”  Karen  Worstell,  chief  infor¬ 
mation  security  officer  and  vice  presi¬ 
dent  of  IT  risk  management  at  Redmond, 
Wash.-based  AT&T  Wireless  Services 
Inc.,  says  there’s  “no  difference  between 
Tukwila,  [Wash.,]  and  Bangalore”  in  the  way 
IT  managers  need  to  treat  their  out¬ 
sourcers.  However,  she  suggests  that  you 
develop  service-level  agreements  that 
specify  how  the  information  can  be  used 
by  outsiders,  who  can  see  it  and  whether 
work  on  an  application  can  be  subcon¬ 
tracted  out.  “And  you  need  to  monitor  or 
audit  the  outsourcer  once  or  twice  a 
year,”  Worstell  advises.  She  says  she  be¬ 
lieves  that  the  Sarbanes- 
Oxley  Act  changed  the 
way  IT  has  to  think  about 
outsourcing  deals.  “Now 
you  can  outsource  the 
work,  but  not  the  respon¬ 
sibility,”  she  wisely  says. 

■  The  mainframe  gravy  train 
keeps  getting  longer  for  At- 
tachmate  Corp.  The  Belle¬ 
vue,  Wash.-based  compa¬ 
ny  will  release  its  MyExtra 
Smart  Connector  Main¬ 
frame  Edition  late  this 
month.  The  new  version 
of  the  software,  which  al¬ 
ready  exists  as  a  server- 


based  product  outside  the  mainframe, 
now  runs  directly  in  an  OS/390  or  zSeries 
environment.  Plus,  the  latest  version  will 
add  VSAM  and  DB2  connectors  to  its  IMS 
and  CICS  links.  Attachmate  Vice  Presi¬ 
dent  Markus  Nitschke  says  application 
writers  can  use  the  mainframe-based  ver¬ 
sion  to  tie  information  inside  disparate  data¬ 
bases  running  on  the  big  iron  with  a  single 
SQL  join  command.  And,  he  boasts,  per¬ 
formance  jumps  at  least  100  times  by  run¬ 
ning  the  connectors  directly  on  the  main¬ 
frame  as  opposed  to  on  an  external  server. 

■  Once  those  mainframe-based  programs 
are  humming  along,  you  can  goose  those 
Web-based  applications  with  an  intelligent 
queuing  system  from  Warp  Technology 
Holdings  Inc.  in  New  York.  Warp  Spi- 
derQ,  which  ships  later  this  quarter,  can 
manage  hundreds  of  thousands  of  in¬ 
bound  page  requests,  as  opposed  to  a  typ¬ 
ical  Web  server  that  bogs  down  at  around 
2,000  requests.  Chief  Technology  Officer 
Greg  Parker  claims  that  companies  can 
avoid  throwing  more  hardware  at  perfor¬ 
mance  problems  by  using  SpiderQ^and 
that  it’s  ideal  for  Web  sites  that  suffer  in¬ 
termittent  demand  spikes.  It  can  also  be  a 
weapon  against  denial-of-service  attacks, 
he  says.  Maybe  he  should  give  SCO  a  call. 

■  Many  mainframe  developers  are  familiar 
with  Relativity  Technologies  Inc.’s  Cobol, 
PL1  and  other  language  tools.  Now  the 
Raleigh,  N.C.-based  company  is  opening 
its  software  development  environment  to 
third-party  products.  The  first  two  com¬ 
panies  to  sign  on  are  Trinity  Millennium 
Group  Inc.  in  San  Antonio  and  Software 
Migrations  Ltd.  in  Hertfordshire,  England. 
The  former  is  offering  a  bevy  of  languages, 
including  Visual  Basic,  PowerBuilder  and  Oracle 
Forms,  that  can  be  accessed  through  Rela¬ 
tivity’s  software.  The  latter  is  putting  its 
assembler  tools  into  the  product.  Users 
can  leverage  a  single  interface  to  access 
multiple  language  parsers  and  tools,  as 
well  as  a  central  database  for  business 
rules,  components,  documentation  and 
other  functions.  ©  44406 


On  March  15,  Catalyst  Sys¬ 
tems  Corp.  in  Glencoe,  III., 
will  ship  its  Openmake  6.3 
build  management  tool.  The 
upgrade  lets  application  de¬ 
velopment  managers  better 
control  the  build  process.  The 
new  version  will  now  run  on 
WebSphere  and  Oracle  appli¬ 
cation  servers  as  well  as 
Tomcat,  an  open-source 
server.  Pricing  is  S300  per 
client  and  S3, 000  per  server. 


Independent  Eclipse  Organization  Emerges 


BY  CAROL  SLIWA 

Today,  after  months  of  plan¬ 
ning,  the  Eclipse  development 
framework  that  IBM  created 
and  released  to  the  open- 
source  world  will  finally  get  an 
independent,  nonprofit  corpo¬ 
ration  to  oversee  its  technol¬ 
ogy  direction  and  growth. 

Eclipse’s  board  of  stewards 
announced  that  more  than  50 
companies  have  signed  on  as 
members  of  the  organization. 
Its  board  of  directors  will  hold 


its  first  meeting  tomorrow  in 
Anaheim,  Calif.,  where  the  in¬ 
augural  Eclipse  technical  con¬ 
ference  is  taking  place. 

Among  the  noteworthy  Java 
vendors  that  declined  to  join 
the  organization  were  Sun  Mi¬ 
crosystems  Inc.  and  BEA  Sys¬ 
tems  Inc.  But  Skip  McGaugh- 
ey,  the  IBM  tools  official  who 
is  relinquishing  his  post  as 
Eclipse  chairman,  expressed 
optimism  that  more  compa¬ 
nies  will  choose  to  participate 


as  Eclipse  demonstrates  its  in¬ 
dependence  and  quality. 

Rikki  Kirzner,  an  analyst  at 
IDC,  said  she  was  pleasantly 
surprised  to  see  the  cross  sec¬ 
tion  of  the  developer  commu¬ 
nity  that  has  already  signed  up, 
including  companies  such  as 
Borland  Software  Corp.  Six  to 
eight  months  ago,  some  had 
expressed  skepticism  about 
the  value  of  joining  Eclipse. 

IBM  will  continue  to  have 
some  influence  over  the 


group’s  future  as  a  member  of 
the  Eclipse  Management  Or¬ 
ganization’s  board  of  direc¬ 
tors.  But  there  will  also  be  sev¬ 
en  other  strategic  partners 
steering  its  direction  and  co¬ 
ordinating  projects,  including 
Ericsson  Inc.,  Hewlett-Packard 
Co.,  Intel  Corp.  and  SAP  AG. 

“In  the  past,  it  was  primarily 
an  IBM-funded  effort.  In  order 
for  it  to  be  viable,  IBM  had  to 
be  viewed  no  longer  as  the 
owner,”  said  Michael  Blechar, 
an  analyst  at  Gartner  Inc. 
©44426 
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IBM  Offers  Hardware 
For  High-End  NAS  Apps 

Gateway  device  links  file  servers  to 
SANs,  supports  up  to  224TB  of  data 


BY  LUCAS  MEARIAN 

bm  last  WEEK  announced 
its  first  enterprise-class 
gateway  for  network- 
attached  storage  on  Win¬ 
dows,  Unix  and  Linux  servers, 
putting  it  in  direct  competi¬ 
tion  with  Network  Appliance 
Inc.,  EMC  Corp.  and  Hewlett- 
Packard  Co. 

The  rollout  is  part  of  an  ef¬ 
fort  by  IBM  to  catch  up  to 
those  vendors  in  selling  high- 
end  NAS  devices,  including 
gateways  that  let  IT  managers 
store  data  from  file  servers  on 
storage-area  networks. 

Last  July,  IBM  nixed  its 
TotalStorage  NAS  100  and  200 
devices,  which  were  self-con¬ 
tained  file  servers,  in  order  to 
focus  on  higher-end  products 
[QuickLink  39671].  That  move 


left  the  company  with  the  NAS 
Gateway  300,  a  Windows- 
based  midrange  system  that 
includes  a  two-processor  NAS 
head  and  supports  up  to  22TB 
of  storage. 

In  comparison,  the  new  NAS 
Gateway  500  is  based  on  IBM’s 
Power4  processor  and  AIX  op¬ 
erating  system.  The 
device  can  be  con¬ 
figured  with  up  to 
four  CPUs  and 
scales  to  a  storage 
capacity  of  224TB, 

IBM  said. 

“Customers  have 
been  asking  us  for  a  more  en¬ 
terprise-class  product,”  said 
David  Vaughn,  IBM’s  manager 
of  gateway  products.  Using 
the  Common  Internet  File  Sys¬ 
tem  protocol  for  Windows,  the 


NAS  Gateway  500  can  transfer 
files  one  and  a  half  times  faster 
than  the  300,  he  said.  With  the 
Network  File  System  protocol 
used  on  Unix  and  Linux  ma¬ 
chines,  the  new  device  is  six 
times  faster,  he  added. 

Keith  Stevens,  a  systems  ad¬ 
ministrator  at  Johns  Hopkins 
University’s  Center  for  Car¬ 
diovascular  Bioinformatics 
and  Modeling  in  Baltimore, 
said  he’s  eyeing  a  NAS  Gate¬ 
way  500  as  a  rela¬ 
tively  inexpensive 
way  to  expand  his 
storage  capacity. 

Stevens  is  shop¬ 
ping  for  a  replace¬ 
ment  for  his  IBM 
FAStT500  disk  ar¬ 
ray  because  the  center  has 
maxxed  out  that  device’s  7TB 
capacity.  He’s  also  considering 
a  FAStT900  and  IBM’s  Fibre 
Channel-based  Shark  array, 
which  both  offer  35TB. 


But  Stevens  said  he  experi¬ 
enced  sticker  shock  with  the 
two  arrays.  The  FAStT900 
would  cost  Johns  Hopkins 
$900,000,  and  it  would  take 
$1.5  million  to  buy  the  Shark 
device,  formally  known  as  the 
Enterprise  Storage  Server. 

Stevens  likes  the  idea  of  be¬ 
ing  able  to  buy  a  NAS  gateway 
for  less  than  $100,000  as  an  al¬ 
ternative.  “I’m  definitely  inter¬ 
ested  in  sharing  file  systems 
across  our  network,”  he  said. 
“We  just  need  something  with 
pretty  decent  performance.” 

Pricing  starts  at  $67,000  on 
the  NAS  Gateway  500.  The  de¬ 
vice  can  use  either  Shark  or  the 
FAStT  line  for  back-end  stor¬ 
age,  and  IBM  said  it  also  can 
work  with  rival  disk  arrays  if 
it’s  configured  with  the  compa¬ 
ny’s  SAN  Volume  Controller 
virtualization  software. 

“IBM  has  never  been  partic¬ 
ularly  successful  at  doing  NAS, 
but  this  is  a  new  ball  game,” 
said  Mike  Karp,  an  analyst  at 
Enterprise  Management  Asso¬ 
ciates  Inc.  in  Boulder,  Colo. 
“They  didn’t  succeed  the  first 
time  out.  Those  devices  just 
didn’t  have  the  horsepower.” 


MORE  ON  STORAGE 

EMC  adds  tools  that  analyze 
databases  and  move  old 
records  to  secondary  storage: 
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NASA  Taps  SAN  to  Store, 
Back  Up  Data  From  Mars 


System  handles  5TB 
of  data  each  week 


BY  LUCAS  MEARIAN 

The  toughest  thing  about 
landing  an  unmanned  probe 
on  Mars  is  going  from  12,000 
mph  to  zero  in  six  minutes,  ac¬ 
cording  to  Prasun  Desai,  one 
of  the  NASA  engineers  who 
developed  the  descent  and 
landing  systems  for  the  Spirit 
and  Opportunity  rovers. 

“Things  happen  quickly,” 
Desai  said  succinctly.  But  de¬ 
spite  the  abruptness  of  the 
landings,  the  computers 
aboard  the  two  rovers  sent 
plenty  of  data  about  the  de¬ 
scents  80  million  miles  to 
Earth,  where  the  information 
was  transmitted  to  a  storage- 
area  network  set  up  at  NASA’s 
Langley  Vehicle  Analysis 
Branch  in  Hampton,  Va. 


Charles  Davis,  a  systems  ad¬ 
ministrator  at  Raytheon  Corp. 
in  Lexington,  Mass.,  was  con¬ 
tracted  by  NASA  to  help  de¬ 
velop  the  SAN,  which  stores 
and  backs  up  data  received  at 
the  space  agency’s  Jet  Propul¬ 
sion  Laboratory  (JPL)  in 
Pasadena,  Calif. 

Among  the  key  information 
received  by  the  Langley  SAN 
was  the  flight  trajectory  data 
from  Spirit’s  Jan.  3  entry  into 
the  Martian  atmosphere  and 
its  landing  on  the  planet’s  sur¬ 
face.  That  data  was  especially 
valuable  because  Opportunity 
had  to  perform  a  similar  entry 
and  landing  on  the  opposite 
side  of  Mars  three  weeks  later. 

Information  from  Spirit’s 
descent  was  used  by  NASA 
engineers  to  adjust  Opportu¬ 
nity’s  flight  path,  according  to 
Davis.  “We  took  the  data  they 
got  and  helped  them  make  de¬ 


cisions  around  determining 
the  landing  sites,”  he  said. 

For  primary  storage,  the 
Langley  SAN  includes  two 
disk  farms:  an  EMC  Corp. 
Clariion  array  with  1.5TB 
capacity,  and  a  Total  Perfor¬ 
mance  9400  array  made  by 
Silicon  Graphics  Inc.  that  can 
store  4TB  of  data.  Both  arrays 
are  configured  for  RAID  5, 
which  overlaps  read  and  write 
operations  across  all  of  their 


disk  drives.  The  storage  net¬ 
work  also  includes  a  Brocade 
Communications  Systems  Inc. 
Fibre  Channel  switch  that  sup¬ 
ports  up  to  lGb/sec.  through¬ 
put,  Davis  said.  An  eight-proc¬ 
essor  SGI  Origin  2000  server 
is  used  to  back  up  data  to  a 
Spectra  Logic  Corp.  tape  li¬ 
brary  that  can  accommodate 
380  LTO-2  tapes,  each  with  a 
capacity  of  200GB. 

Davis  said  BakBone  Soft¬ 
ware  Inc.’s  NetVault 
product  is  used  to 
manage  the  SAN. 
The  software  does 
incremental  backups 
of  the  aircraft,  trajec¬ 
tory  and  atmospher¬ 
ic  data  sent  from  the 
JPL  on  a  daily  basis 
and  full  backups 
weekly. 

The  storage  infra¬ 
structure  is  also  fully 
redundant,  Davis 
noted.  The  SAN 
stores  about  5TB  of 
data  each  week,  and 
information  that  gets 
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NEW  TECHNOLOGY 


NAS  Gateway  500 

■  Supports  up  to  224TB  of  data 
and  12  Fibre  Channel  or  Gigabit 

Ethernet  network  interfaces. 

*************************** 

*  Includes  agents  for  IBM's 

Tivoli  storage  management 
software,  plus  autonomic 
computing  technology. 

■  Works  with  disk  arrays  made 
by  other  vendors  through  IBM's 
SAN  Volume  Controller  software. 

■  Starts  at  $67,000  for  a 
system  that  includes  a  NAS 

engine  and  a  two-processor 
IBM  pSeries  server. 

Karp  said  the  NAS  Gateway 
500  is  priced  to  compete  with 
top-selling  NAS  devices  from 
vendors  like  NetApp  and 
EMC.  It’s  also  “completely 
manageable  by  existing  infra¬ 
structure  applications,  which 
means  you  don’t  have  to  buy 
this  and  then  buy  another 
management  package  for  it,” 
he  said.  ©  44382 


Stephen  Lawson  of  the  IDG 
News  Service  contributed  to 
this  story. 


corrupted  during  the  tape 
backup  process  can  be  auto¬ 
matically  recovered  from  the 
disk  drives,  he  said. 

Desai,  who  works  at  the  JPL, 
helped  build  the  parachute 
and  airbag  system  to  cushion 
the  Spirit  and  Opportunity 
landings.  With  the  landing 
stage  of  the  Mars  program 
completed,  Desai  now  is  work¬ 
ing  to  convert  and  analyze  the 
data  sent  back  by  the  rovers. 

The  data,  which  traveled 
from  Mars  to  Earth  in  10  min¬ 
utes  at  light  speed,  is  being 
used  to  construct  a  telemetric 
model  that  characterizes  how 
the  probes  slid  through  the 
Martian  atmosphere. 

Because  of  an  atmospheric 
dust  storm  at  the  time  of  the 
Opportunity  landing  a  week 
ago  Saturday,  the  probe  was 
thrown  to  the  outer  limits  of 
its  landing  zone,  Desai  said. 

He  added  that  NASA  engi¬ 
neers  hope  to  use  the  data 
sent  back  from  the  craft  about 
its  descent  to  better  prepare 
for  future  landings.  ©  44435 
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Lotus  Users  Wary  About 
IBM’s  Workplace  Strategy 


Some  see  steep 
learning  curve 
with  J2EE-based 
architecture 


BY  STACY  COWLEY 

ORLANDO 

While  IBM’s  Lotus  Software 
Group  forges  ahead  with 
its  Workplace  strategy,  the 
company  still  has  work  to 
do  to  convince 
some  of  the  Lotus 
faithful  that  the 
new  architecture 
makes  as  much 
sense  for  them  as  it 
does  for  IBM. 

With  the  first  round  of 
Workplace  products  released 
and  the  second  due  soon, 
several  attendees  at  the  Lo- 
tusphere  partner  and  user 
conference  here  last  week  said 
they’re  interested  in  finding 
out  more  about  the  platform 
that  IBM  calls  its  focus  for  Lo¬ 
tus’  future. 

For  those  accustomed  to 
traditional  Notes/Domino  de¬ 
velopment,  Workplace,  based 
on  J2EE,  has  a  steep  learning 
curve,  said  Manpreet  Singh, 
chief  operating  officer  at  Den- 
mark-based  IT  Factory  A/S’s 
India  business.  IT  Factory  de¬ 
velops  applications  based  on 
Lotus  software. 

Singh  said  his  office  is  try¬ 
ing  to  develop  a  Workplace 
strategy.  It  has  had  customers 
ask  about  the  new  technology, 
though  no  one  has  signed  on 
yet  for  a  deployment.  Singh  is 
worried  about  the  portability 
of  custom  Domino  applica¬ 
tions  and  add-ons  to  the 
Workplace  system. 

“I’ve  been  talking  to  IBM. 
They  say  it’s  practically  drag- 
and-drop,”  Singh  said.  But  he’s 
skeptical.  “That’s  sales  talk. 

It’s  impossible,”  said  Singh. 

Alaa  El  Ghatit,  a  knowledge- 
management  technical  strate¬ 
gist  at  Hewitt  Associates  LLC, 
a  human  resources  outsourc¬ 
ing  and  consulting  firm  in  Lin- 


LOTUSPHERE 

Read  a  summary  of  news  from 
Lotusphere  on  our  Web  site: 
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colnshire,  Ill.,  says  he’s  con¬ 
cerned  about  the  resources  re¬ 
quired  to  migrate  to  a  system 
crafted  around  Workplace  soft¬ 
ware.  “We  need  a  lot  more  in¬ 
formation  on  the  ROI,”  he  said. 

Though  IBM  says  it  won’t 
abandon  its  Notes/Domino 
base,  El  Ghatit  says  he  worries 
that  keeping  up  with  current 
technology  will  require  fol¬ 
lowing  IBM  down  the  Work¬ 
place  path,  which  would  in¬ 
volve  significant 
costs  for  retraining 
staff  and  purchasing 
new  hardware. 

“Are  they  just  go¬ 
ing  to  dump  Domi¬ 


no  into  a  support  mode?  I 
think  there’s  still  some  con¬ 
cern,”  he  said. 

The  hardware  costs  associ¬ 
ated  with  Workplace  may  dis¬ 
suade  smaller  companies  from 
adopting  the  new  software. 
Workplace’s  advanced  fea¬ 
tures  mean  its  hardware  needs 
significantly  exceed  those  of 
the  “extremely  efficient” 
Domino  architecture,  Work¬ 
place  lead  architect  Jeff  Calow 
acknowledged  following  a  Lo¬ 
tusphere  technical  session. 

Larry  Bowden,  IBM’s  vice 
president  of  portal  solutions 
and  Lotus  products,  said  IBM 
is  listening  to  customer  con¬ 
cerns  about  Workplace  and 
moving  to  address  them  with 
tools  and  programs  intended 
to  smooth  the  transition. 

Here’s  the  Plan 

To  reassure  customers  that 
their  Lotus  investments  will  be 
protected,  IBM  announced  an 
unusually  farsighted  road  map 
at  the  show.  While  engineers 
prepare  for  the  late  2004  or 
early  2005  release  of  the  next 
major  Notes/Domino  upgrade, 
Release  7,  IBM  is  also  at  work 
on  Release  8,  which  will  mark 
the  functional  convergence  of 
Workplace  and  Notes/Domino. 
By  Release  8,  expected  in  late 
2005,  even  complex  Domino 
applications  will  be  accessible 
via  portlets  from  within  Work¬ 


place,  according  to  Bowden. 

Meanwhile,  IBM  is  offering 
development  tools  to  help  pro¬ 
grammers  ease  into  J2EE,  he 
said.  Plug-ins  for  WebSphere 
Studio  are  available  to  give  it 
some  of  the  look  and  feel  of 
Domino  Designer,  as  are  tools 
to  output  applications  devel¬ 
oped  in  Domino  Designer  to 
J2EE-consumable  portlets. 

“You  can  continue  for  years 
to  use  the  skills  you  have,” 
Bowden  said.  “Over  the  course 
of  the  next  three  years,  I  would 


suggest  that  you  broaden  your 
skill  set  to  involve  J2EE,  but 
there’s  no  emergency.” 

Lotus  executives,  including 
General  Manager  Ambuj  Goy- 
al,  say  the  impetus  for  IBM’s 
creation  of  the  Workplace  plat¬ 
form  was  a  recognition  that  Lo¬ 
tus  wasn’t  going  to  win  new 
business  without  offering  cus¬ 
tomers  a  more  flexible  and 
standards-based  approach  to 
building  collaboration  systems. 

For  one  potential  new  buyer, 
that’s  a  message  that  resonates. 
Amy  Palazzolo,  who  is  respon¬ 
sible  for  planning  Ford  Motor 
Co.’s  collaboration  architec¬ 
ture,  said  she  came  to  Lotu¬ 
sphere  to  investigate  Work¬ 
place  as  Ford  evaluates  options 
for  a  new  infrastructure. 


InfoVista  Upgrades  Tools  for 
Monitoring  IT  Performance 


BY  MATT  HAMBLEN 

InfoVista  Corp.,  which  com¬ 
petes  with  Hewlett-Packard 
Co.  and  other  vendors  of  net¬ 
work  and  system  performance 
management  tools,  today  will 
announce  enhancements  to  its 
software  that  are  designed  to 
help  users  match  their  IT  infra¬ 
structures  to  business  needs. 

The  move  makes  InfoVista 
the  latest  in  a  line  of  vendors 
that  are  putting  a  business  fo¬ 
cus  on  their  management  tools. 
The  new  products  will  provide 
a  “unified  presentation  layer” 


NEW  SOFTWARE 


VISTAF0UNDATI0N  2.0:  Lets 
users  maintain  models  of 
business  services  in  relation  to 
their  underlying  network  and 
system  components. 


VISTACAPACITY  PLANNER: 

Automates  the  process  of 
determining  the  amount  of  IT 
resources  required  to  support 
business  needs. 

VISTA0PERATI0NS  CENTER: 

Provides  notification,  diagnosis 
and  automated  resolution  of 
network  performance  problems. 


VISTASERVICE  MANAGER: 

Measures  and  manages  the 
availability  and  reliability  of 
applications  across  networks. 


that  connects  IT  systems  with 
the  business  services  they  sup¬ 
port,  said  Joe  Bergeva,  senior 
vice  president  of  marketing  at 
Herndon,  Va.-based  InfoVista. 

The  rollout  includes  Vista- 
Foundation  2.0,  an  upgraded 
tool  that  supports  network 
and  systems  analysis  and  con¬ 
figuration  management.  The 
software,  which  is  due  out 
next  month,  will  offer  new 
features  such  as  the  ability  to 
correlate  servers  and  network 
switches  with  business  ser¬ 
vices  and  then  monitor  their 
performance. 

A  suite  of  three  capacity 
planning,  operations  manage¬ 
ment  and  quality-of-service 
tools  that  work  with  Vista- 
Foundation  2.0  are  also  being 
announced,  for  shipment  in  the 
second  quarter.  Pricing  starts 
at  $50,000,  InfoVista  said. 

VistaService  Manager 
should  help  Houston-based 
Schlumberger  Information  So¬ 
lutions  enhance  quality-of-ser¬ 
vice  guarantees  to  its  network 
services  customers,  said  Mi¬ 
guel  Garcia,  a  program  manag¬ 
er  for  Dexanet,  a  global  IP  net¬ 
work  that  Schlumberger  runs 
for  35  oil  and  energy  compa¬ 
nies.  The  tool  will  give  Dex¬ 
anet  users  Web-based  access 
to  information  about  uptime 


Are  they  just 
1811  going  to  dump 
Domino  into  a  sup¬ 
port  mode?  I  think 
there’s  still  some 
concern. 

ALAA  EL  GHATIT,  TECHNICAL 
STRATEGIST.  HEWITT  ASSOCIATES 


“Ford’s  adoption  of  collabo¬ 
ration  has  mirrored  the  indus¬ 
try’s,”  she  said.  “We  have  a  lot 
of  best-of-breed  technologies 
mixed  together,  which  doesn’t 
integrate  well  and  gets  expen¬ 
sive  to  maintain.”  O  44424 


Cowley  writes  for  the  IDG  News 
Service. 


and  other  performance  mea¬ 
surements,  Garcia  said. 
Schlumberger  has  bought 
more  than  $250,000  worth  of 
Info  Vista’s  products  since  ear¬ 
ly  last  year,  he  added. 

James  Price,  manager  of  net¬ 
work  and  systems  monitoring 
at  Iron  Mountain  Inc.  in 
Boston,  said  he  hopes  to  take 
advantage  of  the  service-level 
management  and  capacity 
planning  capabilities  in  the 
new  tools,  partly  to  help  the 
company’s  document  manage¬ 
ment  customers  plan  for  larg¬ 
er  networks  as  they  grow. 

Iron  Mountain  spent 
$200,000  on  InfoVista  tools 
over  the  past  two  years  and 
plans  to  spend  another 
$300,000  this  year,  Price  said. 
Initially,  the  software  helped 
Iron  Mountain  create  a  data¬ 
base  of  network  and  systems 
configurations  out  of  what  he 
called  “absolute  chaos.” 

InfoVista’s  products  re¬ 
placed  management  tools 
from  vendors  such  as  HP  and 
Concord  Communications 
Inc.  “We’re  still  a  huge  HP 
shop,  and  we  still  own  HP 
OpenView  but  have  stopped 
using  it,  five  years  and  $2.5 
million  later,”  Price  said.  “It 
was  a  monolithic  behemoth.” 

He  added,  though,  that  Info¬ 
Vista’s  new  releases  need  to 
integrate  more  easily  with  one 
another  and  with  Iron  Moun¬ 
tain’s  internal  systems. 

O  44413 
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Microsoft  Loses 
Patent  Ruling . . . 

A  federal  judge  in  Arizona  ruled 
that  Microsoft  Corp.  has  infringed 
on  patents  held  by  Tucson,  Ariz.- 
based  Research  Corporation 
Technologies  Inc.  for  a  process 
used  to  create  halftone  images 
within  PC  applications.  The  judge 
sent  the  case  to  a  jury  for  a  trial 
to  determine  the  extent  of  the  in¬ 
fringement  and  monetary  dam¬ 
ages.  Microsoft  said  it  will  contest 
the  validity  of  the  patents. 


. . .  And  Faces  EC 
Guilty  Verdict 

In  other  Microsoft  legal  news, 
sources  close  to  the  European 
Commission  said  EC  competition 
officials  are  circulating  a  draft  rul¬ 
ing  that  the  company  abused  its 
desktop  operating  system  monop¬ 
oly.  The  draft  also  reportedly  says 
Microsoft  stifled  competition  in 
the  Windows  media  player  mar¬ 
ket.  Microsoft  said  it’s  discussing 
a  settlement  with  regulators. 


PeopleSoft’s  Board 
Targeted  by  Oracle 

Oracle  Corp.  notified  PeopleSoft 
Inc.  that  it  will  nominate  five  indi¬ 
viduals  for  seats  on  PeopleSoft’s 
board  as  part  of  its  hostile  take¬ 
over  attempt.  In  response,  Peo¬ 
pleSoft  claimed  that  Oracle’s 
planned  nominees  “are  biased 
and  would  have  irreconcilable 
conflicts  of  interest.’’  Meanwhile, 
the  European  Union  said  it  ex¬ 
pects  to  finish  an  antitrust  review 
of  Oracle’s  unsolicited  $7.3  billion 
offer  by  April  21. 


Short  Takes 

12  TECHNOLOGIES  INC.  reported  a 
fourth-quarter  loss  of  $7  million 
on  revenue  of  $97.7  million.  CEO 
Sanjiv  Sidhu  said  he  expects  the 
fallout  from  last  year’s  financial 
reaudit  to  affect  sales  for  the  next 

few  quarters _ SPRINT  CORP. 

added  more  IP  virtual  private  net¬ 
work  services,  including  one 
based  on  Multiprotocol  Layer 
Switching  technology. 


Mydoom 

the  infected  computer. 

While  several  vendors  of  se¬ 
curity  products  were  issuing 
dire  warnings  of  widespread 
havoc  and  dangerous  back 
doors  being  left  open  on  cor¬ 
porate  networks  by  Mydoom, 
others  were  less  dramatic. 

“From  all  indications,  cor¬ 
porations  of  a  size  large 
enough  to  afford  antivirus 
[software]  at  the  e-mail  gate¬ 
way  were  unaffected,”  said 
Russ  Cooper,  moderator  of  the 
NT  Bugtraq  mailing  list  and 
an  analyst  at  Herndon,  Va.- 
based  TruSecure  Corp. 

Companies  that  filter  out 
e-mail  attachments  or  analyze 
the  contents  of  attachments  at 
the  gateway  also  were  unlikely 
to  have  been  significantly  af¬ 
fected,  said  Darwin  Ammala,  a 
computer  security  engineer  at 
Harris  Corp.’s  STAT  network 
security  unit. 

Mydoom  did  have  a  sub¬ 
stantial  impact  on  home  users 
and  small  businesses,  though, 
with  at  least  one  estimate  that 
up  to  500,000  systems  world¬ 
wide  may  have  been  infected 
by  last  Thursday.  And  the 
virus’s  potential  to  enable 
massive  denial-of-service  at¬ 
tacks  against  The  SCO  Group 
Inc.’s  and  Microsoft  Corp.’s 
Web  sites  remained  a  trouble¬ 
some  concern  at  the  end  of  the 
week.  Both  companies  an¬ 
nounced  substantial  rewards 
for  information  leading  to  the 
arrest  of  the  virus  writer. 

Lessons  Learned 

Donald  Armstrong,  director  of 
enterprise  information  securi¬ 
ty  at  T-Mobile  USA  Inc.  in 
Bothell,  Wash.,  said  that  of  the 
20,000  desktops  on  his  compa¬ 
ny’s  network,  only  five  were 
infected  by  the  fast-moving 
virus.  He  said  there’s  a  “new 
mentality”  inside  companies 
today  that  makes  end  users 
wary  of  opening  attachments. 

“We  weren’t  bothered  by 
this  at  all,”  said  Ben  Nakamura, 
network  administrator  for  the 
Seattle  Mariners  baseball  team. 
He  said  the  company  was  hit 
hard  by  a  virus  nearly  two 
years  ago  when  someone 


opened  an  attachment.  Users 
have  learned  their  lesson,  he 
said.  “They  do  not  want  me 
to  humiliate  them  in  public, 
which  I’ll  do  if  they  ever  open 
a  virus  attachment.” 

“We  are  surprised  by  how 
little  it  has  affected  us  so  far,” 
echoed  Trey  Miller,  manager 
of  telecommunications  ser¬ 
vices  at  Vertis  Inc.  The  Balti¬ 
more-based  advertising  and 
media  services  company  uses 
virus  protection  services  from 
Postini  Inc.,  which  scanned 
all  of  its  e-mail  and  blocked 
everything  containing  My¬ 
doom  long  before  the  traffic 
hit  Vertis’  network,  Miller  said. 

But  the  fact  that  some  anti¬ 
virus  vendors  didn’t  have  a  fix 
for  Mydoom  before  it  infected 
some  computers  is  worrisome, 
said  Eric  Beasley,  senior  net¬ 
work  manager  at  Baker  Hill 
Corp.,  a  Carmel,  Ind.-based 
application  service  provider. 

Even  though  Baker  Hill 


[Users]  do  not 
want  me  to 
humiliate  them  in 
public,  which  HI  do 
if  they  ever  open  a 
virus  attachment. 


BEN  NAKAMURA,  NETWORK  ADMIN¬ 
ISTRATOR,  SEATTLE  MARINERS 

updates  its  virus  signatures 
hourly,  Mydoom  still  infected 
about  50  of  its  PCs  before  the 
company’s  antivirus  provider 
had  a  fix.  “In  the  past,  we 
would’ve  had  a  fix  well  before 
the  virus  hit  us,”  Beasley  said. 

Such  outbreaks  show  why  it 
may  no  longer  be  enough  to 
rely  solely  on  signature-based 
antivirus  products  for  protec¬ 
tion,  users  said.  Even  though 
Mydoom  wasn’t  very  different 
from  scores  of  similar  viruses, 
including  a  recent  one  called 


Mimail,  antivirus  vendors  still 
had  to  write  a  separate  signa¬ 
ture  to  stop  Mydoom. 

“It’s  a  reactive  measure  with 
[antivirus]  products,”  said 
Mark  Dayton,  PC  network  su¬ 
pervisor  at  Alabama  Electric 
Cooperative  Inc.  in  Andalusia. 
“You  have  to  wait  for  new 
virus  signatures  to  become 
available  before  you  can  patch 
your  systems.” 

It’s  partly  for  that  reason 
that  the  utility  recently  decid¬ 
ed  to  outsource  antivirus  ser¬ 
vices  to  Atlanta-based  Inter¬ 
net  Security  Systems  Inc.  The 
ISS  service  is  based  on  a  pro¬ 
prietary  approach  designed  to 
offer  protection  against  specif¬ 
ic  vulnerabilities  rather  than 
the  viruses  exploiting  them. 

“It  was  certainly  very  effective 
in  blocking  against  Mydoom,” 
Dayton  said.  ©  44429 


Mark  Hall  contributed  to 
this  story. 


Antivirus  Software  Vendors  Fuel  Mydoom  Hype 


Mydoom  may  have  emerged  as 
one  of  the  fastest-spreading 
viruses  in  history,  but  it  was 
nowhere  near  as  destructive  for 
corporations  as  other  pieces  of 
malicious  code,  such  as  Slam¬ 
mer  and  Blaster. 

Yet  corporate  users  would 
never  know  that  from  the  stream 
of  grim  advisories  issued  last 
week  by  antivirus  vendors  and 
other  security  firms. 

For  example,  an  alert  issued 
by  Sybari  Software  Inc.  in  East 
Northport,  N.Y.,  warned  oHH| 
“spreading  doom  to  corporate 
in-boxes.”  The  Sybari  advisory 
stated  that  Mydoom  presented 
“a  huge  problem  for  organiza¬ 
tions  as  it  affects  worker  produc¬ 
tivity  and  poses  a  critical  securi¬ 
ty  risk  for  corporate  networks." 

Tom  Buoniello,  a  vice  presi¬ 
dent  at  Sybari,  said  the  advisory 
was  an  attempt  to  get  compa¬ 
nies  to  pay  attention  to  the  po¬ 
tential  seriousness  of  the  virus. 
But  he  acknowledged  that  most 
corporations  appeared  to  have 
escaped  unscathed  because  of 
existing  antivirus  protections 
and  e-mail  filtering  techniques. 

McAfee  Security,  a  unit  of 


Santa  Clara-based  Network 
Associates  Inc.,  rated  Mydoom 
as  a  “high-outbreak”  threat  to 
businesses.  The  company  is¬ 
sued  an  advisory  on  Thursday 
warning  that  the  virus  had  infect¬ 
ed  about  500,000  systems 
worldwide  and  was  showing  no 
signs  of  abating. 

Craig  Schmugar,  a  virus  re¬ 
searcher  at  McAfee,  later  said 
that  althoughlo  breakdown  was 
available  to  determine  how  many 
of  thos^Hms  were  corporate 
systems,  the  majority  probably 
belonged  to  home  and  small- 
business  users. 

Maybe  Just  a  ‘Nuisance’ 

An  advisory  from  Medina,  Ohio- 
based  antivirus  software  vendor 
Central  Command  Inc.  referred 
to  serious  e-mail  congestion  and 
stated  that  many  corporations 
were  being  “bombarded  with 
Mydoom  infected  messages." 

Steven  Sundermeier,  vice 
president  of  products  and  ser¬ 
vices  at  the  company,  later  clari¬ 
fied  that  apart  from  Central 
Command’s  own  customers,  it 
was  very  hard  to  “pinpoint  with 
100%  accuracy  who  is  or  isn’t 


infected."  Much  of  the  conges¬ 
tion  was  the  result  of  corporate 
e-mail  gateways  getting  bom¬ 
barded  with  infected  e-mails  and 
was  unlikely  to  have  been  more 
than  a  “nuisance,”  he  said. 

MessageLabs  Inc.,  a  provider 
of  e-mail  services  in  New  York, 
was  quick  to  call  Mydoom  the 
most  virulent  virus  in  history, 
based  on  its  analysis  of  the  in¬ 
fected  traffic  it  was  intercepting 
on  behalf  of  clients.  And  by  mid¬ 
week,  various  numbers  were  be¬ 
ing  bandied  about  claiming  that 
anywhere  from  a  third  to  a  half 
of  all  e-mail  traffic  on  the  Inter¬ 
net  was  infected  with  Mydoom. 
But  there  was  far  less  discussion 
of  how  much  of  this  traffic  might 
have  been  intercepted  or  filtered 
out  at  corporate  gateways. 

Because  users  had  to  click  on 
an  infected  attachment  for  My¬ 
doom  to  be  activated,  it  was  also 
a  lot  less  dangerous  for  corpora¬ 
tions  than  attacks  such  as 
Blaster,  which  was  capable  of 
infecting  machines  and  scan¬ 
ning  internal  networks  for  other 
vulnerable  systems  without  any 
user  intervention. 

-JaikumarVijayan 
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Software  to  Help  TVA 
Cut  Temp  Labor  Costs 


Hosted  system  will  let  power  generator 
run  online  auctions  to  bid  out  contracts 


BY  THOMAS  HOFFMAN 

he  Tennessee  Val¬ 
ley  Authority  is  in¬ 
stalling  a  contingent- 
workforce  manage¬ 
ment  system  that’s  expected 
to  pay  for  itself  within  a  year, 
partly  by  enabling  electronic 
bidding  by  companies  that 
supply  IT  contractors  and 
other  temporary  workers. 

The  TVA,  the  nation’s 
largest  public  power  genera¬ 
tor,  began  deploying  Elance 
Inc.’s  workforce  management 
software  in  late  December. 

The  browser-based  system, 
which  will  be  hosted  by  Elance 
and  is  due  to  go  into  produc¬ 
tion  by  May,  is  expected  to 
help  the  TVA  negotiate  better 
labor  rates  for  the  approxi¬ 
mately  1,500  IT  workers,  engi¬ 
neers  and  clerical  staffers  that 
it  typically  uses  to  augment  its 
internal  workforce. 

For  example,  Diane  Bunch, 
the  TVA’s  senior  vice  presi¬ 
dent  of  information  services, 
said  she  expects  the  competi¬ 
tive  bidding  capabilities  made 
possible  by  the  new  system  to 
save  her  group  $200,000  to 
$300,000  a  year  in  labor  costs. 

‘Like  eBay’ 

“Now  we’ll  be  able  to  enter  a 
job  description  into  the  sys¬ 
tem,  and  it’ll  be  like  eBay,”  said 
Bunch.  About  85  contractors 
are  currently  being  used  to 
supplement  the  TVA’s  643- 
employee  IT  staff,  she  noted. 

Bunch  said  the  system 
should  also  provide  other  ben¬ 
efits,  including  an  electronic 
history  of  the  IT  projects  that 
contractors  have  worked  on. 

In  addition  to  contractors, 
the  system  will  support  the 
Knoxville,  Tenn. -based  TVA’s 
seasonal  hiring  of  about  4,000 
union  trade  workers,  such  as 
electricians  who  are  hired  to 
do  preventive  maintenance 


work  during  off-peak  periods 
in  the  spring  and  fall.  That 
part  of  the  system  is  sched¬ 
uled  to  go  into  use  by  mid¬ 
summer,  said  Paul  LaPointe, 
the  TVA’s  senior  vice  presi¬ 
dent  of  procurement. 

The  TVA  currently  relies  on 
a  manually  intensive  process 
to  manage  its  contingent 
workforce,  according  to  La¬ 
Pointe.  Requests  to  the  15  to 
20  companies  that  supply  the 
authority  with  contract  work¬ 
ers  are  typically  handled 
through  a  flurry  of  phone 
calls,  faxes  and  e-mails,  with  a 
mix  of  spreadsheets  and  other 


BY  JAMES  NICCOLAI 

Microsoft  Corp.  last  week 
shipped  software  that  adds  re¬ 
porting  capabilities  to  SQL 
Server  2000,  rounding  out  the 
line  of  business  intelligence 
tools  the  company  integrates 
with  its  relational  database. 

SQL  Server  2000  Reporting 
Services  has  been  available  for 
beta  testing  since  October. 

One  of  the  testers  was  The 
Long  &  Foster  Cos.,  a  Fairfax, 
Va.-based  real  estate  services 
firm  that  wants  to  standardize 
on  the  technology  to  deliver 
nearly  300  corporate  reports 
to  its  13,000  employees. 

Lance  Morimoto,  senior 
manager  of  e-commerce  and 
application  development  at 
Long  &  Foster,  said  it  now 
uses  a  mishmash  of  reporting 
tools  from  vendors  like  Cog- 
nos  Inc.  and  Crystal  Decisions 
Inc.,  which  was  acquired  by 
Business  Objects  SA  in  De¬ 
cember.  Long  &  Foster  has 
completed  a  pilot  program  in¬ 
volving  35  reports  and  is  hap¬ 
py  with  the  Reporting  Ser¬ 
vices  software  so  far,  he  said. 


systems  used  to  track  the  head 
count  and  whereabouts  of 
temporary  help,  he  said. 

LaPointe  didn’t  disclose  the 
software  project’s  cost,  but  he 
said  that  the  TVA  expects  a 
return  on  its  investment  with¬ 
in  12  months. 

Beyond  the  initial  ROI,  he 
added,  the  authority  antici¬ 
pates  that  the  system  will  gen¬ 
erate  ongoing  savings  through 
improved  compliance  with 
workforce  policies  and  con¬ 
tract  provisions,  process  stan¬ 
dardization  and  system-gener¬ 
ated  invoicing. 

Ashley  Stirrup,  vice  presi¬ 
dent  of  products  and  market¬ 
ing  at  Sunnyvale,  Calif.-based 
Elance,  said  the  total  cost  of  a 
hosted  system  for  a  large  com- 


The  company  created  the  35 
reports  with  Microsoft’s  new 
Report  Writer  authoring  tool, 
which  is  offered  as  an  add-on 
to  the  vendor’s  Visual  Studio 
.Net  development  suite.  “The 
whole  solution  is  pretty  tightly 
integrated  with  .Net,”  Mori¬ 
moto  noted. 

But  he  added  that  it’s  too 
early  to  tell  whether  Report 
Writer  will  suffice  for  porting 
Long  &  Foster’s  250  existing 


PRODUCT  DETAILS 


SQL  Server  2000 
Reporting  Services 

-  Lets  users  program  their 
date  ies  o  generate  reports 
and  then  helps  manage  and 
distribute  the  reports. 

Can  pull  data  from  multiple 
sources,  including  Oracle  and 
B2  databases  as  well  as 
SAP’s  business  applications. 

-  Exports  reports  directly  to 
Excel  spreadsheets  or  gener¬ 
ates  them  in  formats  such  as 
HTML,  PDF  and  XML. 


Reporting  Tools  Added  to 


pany  is  typically  $3  million  to 
$7  million  over  three  years, 
depending  on  the  procure¬ 
ment  volumes  that  are  proc¬ 
essed  through  the  system.  The 
TVA’s  contract  falls  within 
that  range.  Stirrup  said. 

Before  starting  the  project, 
the  TVA  looked  at  companies 
that  had  installed  similar  sys¬ 
tems,  such  as  General  Electric 


SQL  Server 

reports  to  Microsoft’s  technol¬ 
ogy.  There  may  still  be  a  need 
to  use  third-party  software 
like  Crystal  Reports,  he  said. 

Dan  Zerfas,  vice  president 
of  application  development  at 
First  Premier  Bank  in  Sioux 
Falls,  S.D.,  said  the  version  of 
Report  Writer  that  was  includ¬ 
ed  with  the  second  beta  re¬ 
lease  of  Reporting  Services  in 
November  was  much  better 
than  the  initial  test  code.  “It’s 
like  night  and  day,”  he  said. 

First  Premier  had  been 
building  reports  using  Micro¬ 
soft’s  SQL  Query  Analyzer  and 
Access  database.  Its  develop¬ 
ers  were  able  to  virtually  cut 
and  paste  the  Access  code  into 
Reporting  Services,  which 
saved  a  lot  of  time,  Zerfas  said. 
They  also  liked  the  software’s 
user  interface,  he  added. 

Philip  Russom,  an  analyst  at 
Forrester  Research  Inc.,  said 
he  doesn’t  expect  Microsoft’s 
entry  into  the  market  to  hurt 
reporting  tools  vendors  too 
badly.  Report  Writer  is  a  “Ver¬ 
sion  1”  product  that  needs  to 
mature,  Russom  said,  adding 


Co.  and  FedEx  Corp.,  to  assess 
the  potential  benefits  and  do 
cost  benchmarks.  The  project 
was  approved  by  the  TVA’s 
budget  review  committee  in 
November,  LaPointe  said. 

The  TVA  is  currently  work¬ 
ing  with  Elance  to  integrate 
the  software  with  its  main- 
frame-based  procurement  sys¬ 
tem,  which  is  based  on  appli¬ 
cations  developed  by  Indus 
International  Inc.  in  Atlanta. 

FedEx  Express,  which  went 
live  with  Fiance’s  software  in 
August  2002,  saw  a  payback  in 
less  than  six  months  and  has 
reduced  the  time  it  takes  to 
find  temporary  help  by  more 
than  75%,  said  Zondra  Brown, 
manager  of  express  business 
services  at  the  FedEx  unit. 

Elance’s  rivals  include  Ariba 
Inc.  and  PeopleSoft  Inc. 

Christa  Degnan,  an  analyst 
at  Aberdeen  Group  Inc.  in 
Boston,  said  users  of  the  work¬ 
force  tools  should  be  able  to 
shave  their  contract-labor 
costs  by  10%  to  15%.  ©  44433 


that  the  success  of  Reporting 
Services  depends  partly  on 
whether  vendors  such  as 
Cognos  and  Business  Objects 
agree  to  support  Microsoft’s 
Report  Definition  Language. 
That  would  let  reports  au¬ 
thored  with  third-party  tools 
be  managed  and  distributed 
through  Microsoft’s  software. 

Microsoft  released  Report¬ 
ing  Services  11  months  after 
announcing  its  plan  to  add  the 
technology  [QuickLink  36368]. 
It  originally  planned  to  intro¬ 
duce  the  software  with  Yukon, 
a  64-bit  upgrade  of  SQL  Serv¬ 
er.  But  the  Yukon  launch  was 
delayed  until  later  this  year, 
prompting  Microsoft  to  offer 
the  reporting  capabilities  with 
SQL  Server  2000. 

Microsoft  is  now  working 
on  a  Reporting  Services  up¬ 
grade  that  will  ship  with 
Yukon,  said  Thomas  Rizzo,  di¬ 
rector  of  its  SQL  Server  man¬ 
agement  team.  That  version 
will  be  able  to  more  easily 
generate  reports  from  online 
analytical  processing  databas¬ 
es,  Rizzo  said.  ©  44434 


Niccolai  writes  for  the  IDG 
News  Service. 
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Cleaning  IT’s  Basement 


IF  EVER  YOUR  HOUSE  starts  sinking  into  the 
earth,  the  old  joke  goes,  look  for  the  culprit 
in  those  piles  of  National  Geographic  maga¬ 
zines  stacked  in  some  corner  of  the  basement. 
Everyone  with  a  pack  rat  in  the  family  knows 
why  that’s  still  funny  (and  why  those  piles  are  proba¬ 
bly  still  growing). 


At  my  house,  the  moun¬ 
tains  of  magazines  are  a 
molehill  compared  with 
the  swelling  stacks  of  old 
PC  monitors  and  obso¬ 
lete  electronic  gear.  And 
that  stuff  can’t  be  surrep¬ 
titiously  tossed  in  the 
trash  (when  the  pack  rat 
is  off  at  Home  Depot), 
because  of  its  toxic  con¬ 
tents.  E-waste  has  to  be 
hauled  off  to  special  haz¬ 
ardous-waste  disposal 
centers  instead.  And  what  a  big  pain 
that  is.  So  the  pile  keeps  growing. 

Now,  imagine  that  tendency  on  a 
much  grander  corporate  scale,  and 
turn  to  this  week’s  “Toxic  Legacy” 
cover  story  to  see  what  your  com¬ 
pany  needs  to  know  about  e-waste 
disposal. 

Why  should  you  care?  Because  the 
liability  risks  are  growing.  So  are  the 
fines  and  legal  penalties  companies 
face  if  they  screw  up  the  disposal 
process,  which  gets  more  restrictive 
every  year. 

The  physical  scope  of  the  problem 
is  daunting,  with  63  million  PCs 
junked  last  year  alone  and  an  esti¬ 
mated  315  million  PCs  piling  up  in 
U.S.  landfills  by  the  end  of  this  year. 
Legislation  to  crack  down  on  e-waste 
disposal  is  pending  in  24  states,  and 
some  already  ban  certain  IT  prod¬ 
ucts  from  landfills.  The  EPA  has 
tagged  e-waste  as  the  fastest-grow¬ 
ing  stream  of  waste  in  the  U.S.,  in 
fact.  Not  exactly  a  point  of  pride  for 
this  industry. 

The  public  embarrassment  of  be¬ 
ing  identified  as  an  e-waste  polluter 
—  as  Dell  was  in  a  2002  report  by 
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two  activist  groups  —  is 
another  weighty  conse¬ 
quence  of  ignoring  the 
issue.  Even  though  the  PC 
maker  today  offers  com¬ 
puter  recycling  programs, 
that  didn’t  stop  150  stu¬ 
dent  organizations  from 
50  states  from  signing  an 
ad  that  ran  this  past  De¬ 
cember  in  The  Austin 
Chronicle,  the  alternative 
weekly  in  Michael  Dell’s 
hometown,  urging  the 
company  to  recycle  responsibly. 
Hewlett-Packard  and  IBM  learned 
quickly  from  Dell’s  experience  and 
set  up  their  own  computer  “take- 
back”  recycling  programs. 

So,  what  are  IT  organizations  do¬ 
ing  about  it  all?  Hiding  the  problem 
in  the  basement,  for  the  most  part. 

“The  No.  1  solution  for  IT  disposal 


today  is  storage,”  said  one  recycling 
company  VP  quoted  in  our  story.  But 
physical  storage,  unlike  the  digital 
kind,  is  getting  more  expensive,  and 
companies  eventually  run  out  of 
room.  The  cost  of  legitimate  disposal 
is  about  $30  per  PC.  When  you  mul¬ 
tiply  that  by  hundreds  or  thousands 
of  machines  per  company,  the  desire 
to  avoid  that  bill  entices  some  into 
foolishly  (and  illegally)  cutting  cor¬ 
ners.  “You  can  still  get  a  guy  in  a  lit¬ 
tle  red  truck  to  haul  away  your  PCs, 
so  nobody  wants  to  focus  on  this  is¬ 
sue,”  as  one  IT  exec  put  it. 

But  focus  on  it  you  should.  Com¬ 
panies  like  health  care  provider 
Kaiser  Permanente  are  taking  pro¬ 
active  approaches  to  dealing  with 
end-of-life  computer  equipment, 
such  as  including  disposal  terms  and 
conditions  upfront  in  vendor  pur¬ 
chase  agreements.  Our  story  is 
packed  with  ideas  like  that  one  and 
other  practical  tips  and  protective 
measures.  We  also  offer  some  sam¬ 
ple  documents  online  [QuickLink 
44350]  that  show  how  one  Fortune 
500  company  is  vetting  equipment 
disposal  vendors  and  crafting  legally 
sound  disposal  requirements. 

So,  grab  your  broom  and  open  that 
basement  door.  ©  44400 


PIMM  FOX 

Skip  the 
Wall  Street 
Middlemen 

IF  SOME  of  the  Google  IPO 
takes  place  as  a  Dutch 
auction  conducted  online, 
with  shares  offered  directly  to 
investors,  Wall  Street  brokers 

(both  retail  and  institutional)  had  bet¬ 
ter  plan  alternative  careers. 

Google’s  potential  initial  public  of¬ 
fering  is  the  focus  of  intense  specula¬ 
tion.  It  might  happen  this  spring.  The 
company  might  offer  a  10%  or  15% 
stake  for  $2  billion  —  valuing  the 
whole  shebang  at  as  much  as  $20  bil¬ 
lion.  And  some  of  those  shares  might 
end  up  being  sold  via  San  Francisco- 
based  W.R.  Hambrecht’s  OpenlPO  sys¬ 
tem  in  an  online  auction  where  in¬ 
vestors  can  register  and  then  bid  for 
shares  in  much  the  same  way  people 
bid  for  merchandise  on  eBay. 

Using  eBay  as  a 
model  could  work  to 
boost  investor  confi¬ 
dence  and  help  make 
the  IPO  process  more 
fair.  On  Wall  Street, 
the  bias  of  invest¬ 
ment  research  de¬ 
partments,  the  pref¬ 
erential  treatment  be¬ 
stowed  upon  favored 
clients  and  the  greed 
of  sales-hungry  bro¬ 
kers  make  it  impossi¬ 
ble  for  individual  investors  to  wield 
any  clout.  Unless  you’re  New  York  At¬ 
torney  General  Eliot  Spitzer  or  a  secu¬ 
rities  lawyer  with  lots  of  extra  time, 
complaining  about  bad  Wall  Street  re¬ 
search,  faulty  stock  picks  and  high 
commission  rates  or  fees  won’t  get  you 
as  much  as  a  free  lunch  or  an  apology. 

The  army  of  well-paid  Wall  Street 
middlemen  doesn’t  add  value  to  the 
IPO  process,  which  is  why  Google’s  of¬ 
fering  might  represent  the  first  step  to¬ 
ward  driving  them  out  of  business.  If 
you  can  sell  airline  tickets,  books,  pre¬ 
scription  drugs  and  automobiles  di¬ 
rectly  to  consumers  via  the  Internet, 
why  not  shares  in  companies?  Wall 
Street  types  once  said  that  trust  and  re¬ 
sponsibility  were  big  enough  issues  to 
warrant  their  participation.  They  cer¬ 
tainly  have  disabused  us  of  that  notion. 
And  yes,  when  you’re  trying  to  sell 
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Strategic  problem-solving  and  peer  networking  with  the  nation’s  IT  leaders 


Conference  sessions  will  cover  these 
critical  areas: 

•  Extending  Data  Management,  Enterprise  Integration 
and  Web  Services 

•  Creating  a  Next-Generation  Infrastructure,  Reducing 
Complexity  and  Enhancing  Business  Value 

•  Charting  New  Directions  in  IT  Governance, 
Regulatory  Compliance  and  Project  Leadership 

•  Advancing  Security  and  Business  Continuity 
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For  companies  interested  in  sponsoring  and  exhibiting,  contact  your  Computerworld  account  director,  or  Leo  Leger  at  508-820-8212. 


Mapping  the  Future  of  IT: 
March  7-9, 2004 


•  Exchange  Innovative  Ideas  and 
Strategies  with  Computerworld’s 
Premier  100  IT  Leaders 

•  Witness  an  Industry  First  as 

Bob  Metcalfe  Debates  Nicholas  Carr 
about  Why  IT  Matters 

•  Learn  How  Some  of  the  World’s  Leading 
Companies  are  Tackling  Tough  Choices 
with  Infrastructure,  Integration, 
Security  and  IT  Governance 


COMPUTERWOHH 


IT  LEADERS 

CONFERENCE  2004 


MARCH  7-9, 2004 

JW  Marriott 
Desert  Springs  Resort 

Palm  Desert, 
California 


Computerworld's  Premier  100  IT  Leaders 
Conference  is  a  dramatically  different,  high 
impact  executive  event.  Now  in  its  5th  year, 
this  annual  conference  brings  together  hun¬ 
dreds  of  senior  IT  executives  for  a  compelling 
series  of  high-level  discussion  panels,  pre¬ 
sentations  and  peer  networking  activities. 

The  Premier  100  IT  Leaders  for  2004  will  be 
announced  and  profiled  in  our  January  5, 
2004,  issue  of  Computerworld  and  honored 
during  a  special  ceremony  at  the  March  7-9, 
2004,  conference.  Rich  with  peer  advice  and 
real-world  case  studies,  the  conference 
content  is  built  directly  from  user  feedback 
provided  by  the  honorees  themselves.  Our 
editors  design  a  no-nonsense  agenda  that 
features  Premier  100  honorees  and  other  IT 
leaders  focusing  exclusively  on  top-of-mind 
issues  and  concerns  of  senior  IT  management. 


WHY  YOU  SHOULD  ATTEND 

Are  you  responsible  for  mapping  the  future  of  your  organization's  informa¬ 
tion  technology?  Want  to  exchange  innovative  ideas  and  strategies  with 
other  top  IT  executives?  Then  attend  Computerworld's  Premier  100  IT 
Leaders  Conference,  the  ONLY  conference  where  you  can  hear  from  - 
and  network  with  -  Computerworld's  Premier  100  IT  Leaders. 

WHO  ARE  THE  PREMIER  100? 

They  are  a  unique  set  of  award  winning  IT  executives  with  valuable  lessons 
to  share  and  advice  to  offer  YOU.  They  are  technologists  who  understand 
business  needs,  take  calculated  risks  and  lead  through  innovation.  They 
are  CIOs,  vice  presidents  of  IT,  directors  of  IT  and  business  managers 
honored  as  Computerworld’s  Premier  100  from  a  wide  swath  of  vertical 
industries.  When  you  attend  this  unique  conference,  you  will  hear  proven 
examples  of  how  these  IT  Leaders  have  advanced  their  organizations 
through  innovative  leadership  and  proven  strategies. 


CONFERENCE  CHAIR: 


SPECIAL  GUEST  SPEAKER: 

BEN  STEIN 

Author,  Humorist, 
Lawyer,  Economist, 
Actor  and  Educator 


WHAT  IS  UNIQUE? 

Crafted  by  Computerworld  editors,  this  conference  offers  a  radical  departure  from  the  standard  IT  event.  With  a 
focus  on  great  ideas,  best  practices  and  real  applications  of  IT  strategy,  you’ll  gain  direct  insight  from  leading  user 
organizations.  The  major  sessions  provide  highly  interactive,  entertaining  discussions  with  IT  Leaders  and  industry 
experts  -  each  moderated  by  Computerworld  editors  in  a  town-hall  meeting  format.  Key  topics  center  on  the 
intersection  of  technology  and  business  in  areas  critically  important  to  today’s  IT  management. 


AGENDA:  SUNDAY,  MARCH  7, 2004 

Also  available  at  www.premier100.com/cwt 


12:00pm  -  5:00pm  Pre-conference  Golf  Outing 
7:00pm  -  9:00pm  Welcome  Reception 


Sponsored  by: 


The  Value  of  Trust611 


AGENDA:  MONDAY,  MARCH  8, 2004 

www.premier100.com/cwt 


7:00am -8:00am 
8:00am  -  8:15am 


8:15am  -  8:45am 


8:45am  -  9:30am 


9:30am -10:15am 


Buffet  Breakfast 

Welcome  and  Opening  Remarks 

Maryfran  Johnson,  Editor  in  Chief,  Computerworld 


Opening  Keynote  Address:  From  IT  Expense  to  IT  Value 

Glen  Salow,  EVP  &  CIO,  American  Express 

At  American  Express  Company,  everything  rides  on  the  IT  “manufacturing  plant"  forging  the  value  chain  for  this 
diversified  global  provider  of  travel,  financial  and  network  services.  During  the  past  few  years,  CIO  Glen  Salow 
has  crafted  a  new  value  agenda  for  IT  within  the  company,  turning  relationships  with  the  business  side  into  part¬ 
nerships,  leading  a  critical  move  to  outtask  the  company's  technology  operations  and  managing  demand  for 
technology  services  in  ways  that  saved  significant  expense.  As  one  of  the  earliest  of  IBM’s  “Computing  on 
Demand”  customers  in  2002,  Salow  transitioned  approximately  2,000  employees  in  markets  around  the  world  to 
IBM  and  crafted  a  similar  but  smaller  deal  with  AT&T  for  networking  services.  The  end  result  is  a  far  more  flexible 
IT  infrastructure  that  responds  swiftly  to  business  change.  In  his  keynote  address,  Salow  will  talk  about  recasting 
IT  from  a  cost  center  to  a  value  producer,  and  how  IT  leaders  who  concentrate  on  delivering  value  will  build  the 
best  futures  for  their  own  companies. 

Discussion  Panel:  The  Once  and  Future  Infrastructure: 

An  Enterprise  Reality  Check 

Panel  Moderator:  Patrick  Thibodeau,  Senior  Reporter,  Computerworld 

Panelists:  Perry  Cliburn,  CIO,  Hewitt  Associates;  Steven  Sheinheit,  SVP  &  CTO,  MetLife  Inc.; 

Evon  Jones,  SVP  &  CIO,  The  Dial  Corp.;  Michael  Ashworth,  Managing  Director  &  CIO,  JP  MorganChase 
Investment  Bank 

IT  leaders  are  inundated  with  vendor  pitches  for  autonomic,  “on  demand,"  and  various  forms  of  utility  “pay  as 
you  go”  computing,  but  how  well  do  these  evolving  computing  models  match  the  actual  needs  of  the  enter¬ 
prise?  Upgrading  their  aging  corporate  infrastructures  is  indeed  a  top  priority  for  many  companies  today,  but 
the  task  involves  a  complex  cascade  of  decisions  around  desktop  management,  server  consolidation,  blades 
and  clustering,  open  source,  wireless  and  even  outsourcing  considerations.  Alternative  financing  and  new 
sourcing  approaches  also  come  into  play,  but  what  are  the  tradeoffs?  Loss  of  flexibility  and  control?  Vendor 
lock-in?  This  panel  of  experienced  senior  IT  managers  will  tackle  these  tough  questions  as  they  talk  about 
their  strategies,  plans  and  problem-solving  approaches  to  building  out  a  “once  and  future"  infrastructure 
primed  for  business  growth. 

“Best  in  Class”  Project  Leadership  Lightning  Round 

Witness  a  fast-paced  trio  of  user  presentations  and  audience  Q&A,  featuring  the  most  innovative,  high-impact  case 
studies  from  the  Premier  100  honorees. 


“Computerworld’s 
Premier  100  IT 
Leaders  Conference 
attracts  the  technology 
elite  because  of 
its  focus  -  maximizing 
the  business  value 
of  IT.” 

Susan  Unger 
Senior  VP  and  CIO 
DaimlerChrysler 


DaimlerChryslerI 


10:15am -10:30am  Break 


10:30am  -  11:00am  Evaluating  Infrastructure  Renewal  Through  Scenario-Based  Decision-Making 

Brian  Leinbach,  SVP  of  Operations,  Delta  Technology,  Inc.  (a  unit  of  Delta  Air  Lines) 

IT  managers  have  long  known  that  the  cost  of  development  and  initial  deployment  of  IT  systems  is  quickly 
matched  by  the  cost  of  system  maintenance.  In  order  to  communicate  this  to  its  parent  company,  Delta 
Technology  developed  a  business  risk  analysis  tool  that  addresses  the  infrastructure  renewal  of  technology 
assets  by  reviewing  the  following  characteristics:  technology  age,  business  value  at  risk,  platform  supportability, 
platform  complexity  and  risk  of  failure.  This  session  addresses  how,  by  developing  a  standardized  risk  scoring 
process  and  using  scenario-based  decision  processes,  companies  can  evaluate  proposed  infrastructure  invest¬ 
ment  scenarios  and  identify  mitigation  strategies. 


11:00am -11:30am 
11:30am  -  Noon 
Noon -12:30pm 
12:30pm -1:30pm 


Concurrent  Sessions:  IT  User/Customer  Case  Studies 
Concurrent  Sessions:  IT  User/Customer  Case  Studies 
Concurrent  Sessions:  IT  User/Customer  Case  Studies 

Interactive  Luncheon 
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CONFERENCE 


March  7-9,  2004 

JW  Marriott  Desert 
Springs  Resort 
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To  rec  star,  visit  www.premier100.com/cwt  or  call  1-800-883-9090. 


AGENDA:  MONDAY,  MARCH  8, 2004 

www.premier100.com/cwt 


“You  hear  about  six 
degrees  of  separa¬ 
tion.  The  Premier  100 
melts  away  a  few  of 
those  layers.  I've  met 
people  here  that  I’ve 
known  for  a  long  time 
and  others  I’ve  been 
eager  to  meet  for 
years,  all  converging 
in  one  place.” 

William  Farrow 
EVP  &  CIO 
Chicago  Board  of  Trade 

t®  Chicago  Board  of  Trade 


1:30pm -2:00pm 


2:00pm  -  3:15pm 


3:15pm -3:30pm 
3:30pm  -  4:00pm 


4:00pm -4:30pm 


4:30 -5:00pm 


5:00 -5:30pm 


5:30pm -8:00pm 


The  Road  to  a  Service  Oriented  Architecture:  A  Pfizer  Case  Study 

Joe  Schmadel,  Senior  Director  of  Business  Technology,  Pfizer,  Inc. 

When  Web  services  made  their  debut  at  the  turn  of  the  millennium,  the  world’s  largest  pharmaceutical  company, 
was  like  most  large  organizations  -  looking  for  a  magic  bullet  technology  to  tackle  application,  process,  and  data 
integration  without  a  staggering  price  tag.  As  a  champion  for  change  at  Pfizer,  Joe  Schmadel  leveraged  this  novel 
technology  to  transform  the  firm's  financial  systems  architecture  into  a  nimble,  transparent  network  of  powerful 
methods,  which  were  cheap  to  create,  and  even  cheaper  to  maintain.  Today,  after  several  years  of  evolution,  Pfizer 
can  now  deploy  a  number  of  its  complex  financial  applications  with  virtually  any  look  and  feel,  and  with  minimal 
customization.  In  this  talk,  Schmadel  will  show  how  the  technology,  the  applications  and  the  people  involved 
helped  Pfizer  emerge  as  a  leader  in  service-oriented  architecture  design. 

Discussion  Panel:  Riding  a  Tidal  Wave  of  Change  -  Data  Management, 
Enterprise  Integration  and  Web  Services 

Panel  Moderator:  Don  Tennant,  News  Editor,  Computerworld 

Panelists:  David  Thompson,  CIO,  PeopleSoft;  Danny  Siegel,  Senior  Manager  of  Business  Technology,  Pfizer,  Inc.: 
Patricia  Coffey,  Assistant  VP,  Allstate  insurance  Company 

Finding  the  most  innovative  yet  cost-effective  ways  to  manage  data  and  integrate  business  and  technology  process¬ 
es  are  among  the  most  formidable  challenges  facing  IT  organizations  today.  But  there  are  some  compelling 
approaches  emerging.  Web  services,  in  particular,  hold  the  potential  to  enable  companies  to  leverage  software 
technologies  (such  as  Sun’s  J2EE  and  Microsoft’s  .Net)  more  effectively,  develop  and  build  new  applications  faster, 
and  integrate  iegacy  and  Web  applications  more  gracefully.  Yet  questions  about  lax  security  and  slippery  standards 
compliance  continue  to  plague  Web  services.  The  success  (or  failure)  of  integration  projects  is  especially  visible 
across  a  company's  supply  chain,  in  its  wireless  strategies  and  in  business  intelligence  efforts.  This  panel  will  deliver 
a  lively  exchange  of  experience  and  advice  on  the  key  issues  surrounding  enterprise  integration,  including  the  skill 
set  and  cost  challenges  driving  many  companies  to  outsource  development. 

Break 

Project  Disasters:  How  to  Predict  Them,  Prevent  Them  or  Pull  the  Plug  on  Them 

Paul  Glen,  President  of  C2  Consulting,  Computerworld  Management  Columnist  and  Author  of  “Leading  Geeks” 

Despite  significant  progress  over  the  last  decade,  project  success  rates  are  still  dismally  poor.  Only  about  one-quar¬ 
ter  of  all  IT  projects  are  completed  successfully.  The  rest  are  canceled  completely  or  finished  up  late,  over-budget 
and  sometimes  missing  major  functionality. 

When  used  well,  traditional  IT  project  management  approaches  can  provide  excellent  information  about  what  hap¬ 
pened,  but  they're  lousy  at  predicting  the  future.  In  this  presentation,  Paul  Glen  will  identify  the  five  leading  indicators 
of  project  success  and  show  how  to  use  them  to  predict  the  future,  prevent  problems  and  emerge  a  hero  with  tech¬ 
nologists  and  business  executives  alike. 

Does  IT  Matter? 

Nicholas  G.  Carr,  author  of  "Does  IT  Matter?  Information  Technology  and  the  Corrosion 
of  Competitive  Advantage" 

Far  from  being  a  potent  strategic  weapon,  information  technology  is  increasingly  a  commodity  input  -  a  cost  of  doing 
business  that  must  be  paid  by  all  but  provides  distinction  to  none.  Building  on  his  controversial  Harvard  Business 
Review  article  “IT  Doesn't  Matter,"  Nicholas  G.  Carr  will  show  how  a  combination  of  technological,  economic,  and 
competitive  forces  has  neutralized  IT s  power  to  deliver  strategic  advantage  to  individual  companies.  And  he’ll  lay  out 
a  new  agenda  for  IT  management  and  investment  -  one  that  is  focused  on  containing  costs  and  tempering  risk 
rather  than  aggressively  pursuing  innovation. 

Why  IT  Matters 

Inventor  of  Ethernet,  Founder  of  3Com  Corporation  and  General  Partner  of  Polaris  Venture  Partners 
In  this  spirited  counterpoint  to  the  previous  session,  Bob  Metcalfe  will  bring  his  long  experience  from  four  IT  innovation 
careers  to  bear  on  Nicholas  Carr’s  contentions  about  IT,  which  Bob  considers  -  just  for  starters  -  in  a  good  natured  MIT 
engineer  versus  Harvard  MBA  sort  of  way,  to  be  complete  rubbish. 


Mapping  the  Future  of  IT:  A  Debate  Featuring  Bob  Metcalfe  and  Nicholas  Carr 
Expo  and  Networking  Lounge  Open,  Networking  Reception  and  Buffet  Dinner 


AGENDA:  TUESDAY,  MARCH  9, 2004 

www.premier100.com/cwt 


7:00am  -  8:00am  Buffet  Breakfast 


7:15am  -  7:45am  Breakfast  Address:  Homeland  Security  -  Public/Private  Partnerships 
&  The  Cost  of  Failure 

Dan  Verton,  Senior  Reporter,  Computerworld,  and  author  of  "Black  Ice:  The  Invisible  Threat  of  Cyber  Terrorism” 

Cyber  security  is  the  common  thread  that  ties  together  the  nation’s  most  pressing  homeland  security  and  critical  infrastructure 
protection  challenges  --  challenges  that  could  be  with  us  for  many  decades  as  the  war  on  terror  unfolds.  But  does  the 
absence  to  date  of  a  second  major  terrorist  attack  on  the  U.S.  indicate  that  the  so-called  public-private  partnership  between 
the  government  and  the  private  sector  is  really  working?  Or  is  it  quietly  failing  due  to  behind-the-scenes  conflicts  and  political 
skirmishes  between  the  public  and  private  organizations  responsible  for  our  common  defense?  Computerworld's  Dan  Verton 
will  kick-off  a  day  of  security,  business  continuity  and  project  leadership  discussions  with  a  revealing  look  at  what’s  gone  right, 
what's  gone  wrong  and  why  failure  cannot  be  an  option. 

8:00am  -  8:15am  Opening  Remarks 

Maryfran  Johnson,  Editor  in  Chief,  Computerworld 


8:15am  -  9:00am  Opening  Keynote  Address:  Sixteen  Years  of  Focus  on  Improving  Corporate 
Information  Security  -  Did  It  Make  A  Difference? 

David  Bauer,  First  Vice  President  and  Chief  Information  Security  &  Privacy  Officer,  Merrill  Lynch 

In  1988  at  Bellcore,  David  Bauer  and  a  colleague  sent  out  the  first  formal  security  alert  ever  distributed  by  a  commercial  informa¬ 
tion  sharing  and  analysis  center.  At  the  time,  it  was  a  breakthrough  service.  Today,  it’s  merely  a  typical  component  of  a  normal  - 
and  massively  more  complex  -  security  operation.  Although  concerted  effort  and  significant  money  have  been  spent  since  that 
time,  many  business  pain  points  still  exist  today.  In  this  presentation,  Merrill  Lynch’s  Chief  Information  Security  and  Privacy 
Officer  will  reflect  on  a  decade  and  a  half  of  information  security  issues.  He’ll  examine  the  most  critical  factors  shaping  the  future 
of  corporate  security  and  privacy  leaders,  bringing  a  longtime  practitioner’s  view  to  the  current  state  of  the  art  and  the  evolution¬ 
ary  forces  driving  information  security  into  the  next  decade. 


9:00am  -  9:30am  The  Myth  of  Corporate  Security:  Why  CIOs  are  Mad  as  Hell  and  not  Going 
to  Take  it  Anymore 

Alan  Paller,  Executive  Director  of  Research,  SANS  Institute 

From  his  unique  research  and  training  perspective  on  the  security  industry,  SANS  Institute’s  Alan  Paller  will  start  off 
this  session  with  a  live  demo  of  a  hacking  incident  to  show  just  why  CIOs  are  so  irate  about  the  poor  quality  of  pro¬ 
tection  their  software  and  systems  provide  today.  Who  is  to  blame  here,  and  what’s  being  done  about  it?  Why  are 
security  staffers  constantly  fighting  a  war  they  never  seem  to  win?  What  can  you  do  about  users  who  ignore  proce¬ 
dure  and  worsen  security  problems?  What  recourse  is  there  against  vendors  who  deliver  unsafe  systems?  In  this 
session,  Paller  will  introduce  you  to  several  CIOs  who  have  made  dramatic,  sometimes  harsh  moves  that  forced  real 
change.  He’ll  show  what  they  did  and  how  they  did  it  and,  in  a  couple  cases,  who  got  in  the  way. 

9:30am  -  10:15am  Discussion  Panel:  No  More  Excuses  -  Responding  to  the  Demands  of  Data 
i  jpum'  Privacy  Laws,  Regulatory  Compliance  and  Other  Business  Mandates  on 

*  -  p  Corporate  IT  Security 

Panel  Moderator:  Dan  Verton,  Senior  Reporter,  Computerworld,  and  author  of  "Biack  Ice:  The  Invisible 
Threat  of  Cyber  Terrorism” 

Panelists:  Marc  S.  Sokol,  CISM,  The  Guardian  Life  Insurance  Company  of  America:  William  Farrow,  EVP 
&  CIO,  Chicago  Board  of  Trade:  Al  Brusewitz,  Chief  Information  Security  Officer,  Chief  Information 
Office,  County  of  Los  Angeles 

The  security  agenda  for  2004  is  long  on  mandates  but  short  on  money,  leaving  IT  to  battle  with  few  resources  against  a  slew  of 
malicious  attacks,  tough  new  data  protection  laws  and  demands  for  metrics  that  demonstrate  effectiveness  of  information  securi¬ 
ty  procedures.  The  long  list  of  pressing  concerns  confronting  Chief  Security  Officers  and  IT  leaders  includes  regulatory  compli¬ 
ance  practices,  application  and  network  security,  spam,  enterprise  monitoring,  benchmarking  against  standards  and  disaster 
recovery  responsiveness.  How  are  leading  organizations  juggling  and  responding  to  these  myriad  challenges?  When  everything 
is  a  priority,  how  can  you  possibly  prioritize?  What  kind  of  metrics  are  proving  most  effective  in  gaining  support  and  understanding 
from  the  business  side?  This  panel  will  hone  in  on  what’s  working  (and  what  isn’t)  in  their  own  companies,  sharing  a  wealth  of 
practical  advice  and  fresh  insight  about  how  to  answer  the  security  challenges  facing  so  many  IT  organizations  today. 


10:15am -10:30am  Break 


10:30am -11:00am 


Selling  Security  to  Your  Beady-Eyed,  Bean-Counting  CFO 

Doug  Lewis,  Senior  Partner,  The  Edge  Consulting  Group,  Atlanta,  and  former  CIO,  InterContinental  Hotels  Group 

From  the  “been  there,  done  that"  perspective  of  a  longtime  CIO,  Doug  Lewis  will  walk  you  through  his  methodology  for 
building  a  business  case  for  security  spending  with  the  biggest  corporate  roadblock  of  all:  the  Chief  Financial  Officer. 
This  presentation  will  lay  out  a  detailed,  three-step  process  for  determining  appropriate  security  levels,  building  an 
affordable  security  plan  and  mapping  out  the  ROI-based  business  case  that  senior  executives  will  respect  and  support. 
Lewis  will  reveal  everything  from  the  raw  ingredients  of  building  a  successful  business  case  to  the  reasons  why  IT 
groups  should  outsource  vulnerability  assessments  and  penetration  tests  against  key  systems.  He’ll  also  explain  the  folly 
of  low-balling  the  TCO  (Total  Cost  of  Ownership)  of  an  expensive  security  overhaul,  and  provide  specific  examples 
(including  the  math)  from  several  industry  case  studies. 


“Because  of  the 
quality  of  the  audi¬ 
ence  -  CIOs,  CTOs, 
VPs  -  we  find  this 
event  an  important 
opportunity  to  talk  to 
key  stakeholders  who 
are  critical  to  the 
IT  industry.” 

Scott  Charney 
Chief  Security  Strategist 
Microsoft 
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I’ve  attended  the 
Premier  100  for 
three  years  and  I  am 
astounded  at  how 
profound  the  speak¬ 
ers  have  been.  The 


11:00am  -  11:30am  Managing  Risk  in  Outsourcing  Deals 

Paul  Roy,  Attorney  and  Partner  at  Mayer,  Brown,  Rowe  &  Maw  of  Chicago 

There  is  a  unique  risk  profile  to  major  outsourcing  deals,  which  have  more  in  common  with  a  large  merger  and  acqui¬ 
sition  than  the  standard  procurement  of  IT  services.  The  process  of  transferring  people  and  mission-critical  functions 
to  a  third  party  is  fraught  with  pitfalls  and  longterm  consequences,  but  there  are  practical,  proven  approaches  to 
maximizing  value  and  minimizing  risk  in  these  deals.  What  these  complex  contracts  require  is  a  fundamentally  differ¬ 
ent  approach,  says  Paul  Roy,  who  has  advised  and  represented  clients  such  as  P&6,  Motorola  and  Bank  of  America 
in  some  of  the  country’s  largest  outsourcing  deals.  In  this  talk,  Roy  will  cover  the  most  effective  risk  mitigation 
devices,  contract  protection  mechanisms  and  negotiation  tactics  that  every  IT  leader  should  know. 

11:30am  -  Noon  Concurrent  Sessions:  IT  User/Customer  Case  Studies 

Noon  -  12:30pm  Concurrent  Sessions:  IT  User/Customer  Case  Studies 

12:30pm  -  2:00pm  Expo  and  Networking  Lounge  Open  and  Buffet  Luncheon 


content  of  the  pre¬ 
sentations  is  excep¬ 
tional  and  consistent, 
and  the  audience  is 
high-level  and 
deeply  engaged. 
Computerworld  has 
this  down  to 
a  science.” 

Andrb  Mendes 
Chief  Technology 
Integration  Officer 

PBS 

Q 

PBS 


2:00pm -2:45pm 


2:45pm -3:30pm 


3:30pm  -  3:45pm 
3:45pm -4:15pm 


4:15pm -4:45pm 


4:45pm  -  5:15pm 


Discussion  Panel:  IT  Governance,  Risk  Management  and  the  Future 
of  the  IT  Organization 

Panel  Moderator:  Julia  King,  National  Correspondent,  Computerworld 
Panelists:  Frank  Modruson,  Managing  Partner  and  CIO,  Accenture;  Vince  Campitelli,  Senior  Vice 
President  and  Managing  Director,  Wachovia  Corporation;  Jeffrey  Campbell,  Vice  President  Technology 
Services  &  CIO,  Burlington  Northern  Santa  Fe  Railway;  Bruce  Goodman,  SVP  &  Chief  Science  and 
Information  Officer,  Flumana  Inc. 

Many  CIOs  and  senior  IT  executives  are  moving  into  expanded  roles  in  2004,  as  risk  management,  regulatory  compli¬ 
ance,  vendor/supplier  negotiations  and  outsourcing  management  all  become  standard  components  of  their  leadership 
roles.  But  is  IT  governance  ready  to  evolve  beyond  its  previously  narrow  focus  on  technology  spending  and  labor  costs  - 
into  real  partnership  with  business  objectives?  How  should  potential  IT  investments  be  evaluated  and  mapped  to  compa¬ 
nywide  priorities?  What  skillset  changes  does  the  current  IT  organization  need  most?  Where  will  future  project  leaders 
come  from  if  outsourcing  continues  its  aggressive  growth?  This  panel  will  focus  on  these  critical  issues  confronting  corpo¬ 
rate  IT,  and  offer  some  experienced  guidance  on  how  to  prepare  for  the  high-risk  changes  ahead. 

Integrating  Human  Capital:  The  Magic  of  Creative  Adaptive  Planning 

Moshe  Rubinstein,  UCLA  Distinguished  Engineering  Professor,  and  author  of  “The  Minding  Organization" 

The  most  important  thing  to  know  about  planning  is  that  organizations  do  entirely  too  much  of  it,  says  this  distinguished 
UCLA  professor  and  author.  Too  many  detailed  rules  constrict  an  organization’s  creativity  and  suck  the  life  out  of  our  capaci¬ 
ty  for  adaptive  planning.  In  his  highly  engaging,  dynamic  interaction  with  the  audience,  Moshe  will  illustrate  the  power  of 
human  problem-solving  behavior.  He  will  demonstrate  the  principles  of  complexity  theory  and  the  importance  of  living  in  a 
world  that  moves  beyond  its  narrow  focus  on  productivity  and  service  and  on  to  better  ways  thinking  and  behaving. 

Break 

Solve  My  Problem:  A  Town  Hall  Meeting  on  Risk  Management 
and  Project  Leadership 

Moderators:  Maryfran  Johnson,  Editor  in  Chief,  Computerworld;  Doug  Busch,  VP  &  CIO,  Intel  Corporation 

Mobilize  for  Innovation 

Thornton  May,  Futurist  and  Computerworld  Columnist 

How  do  we  judge  technology  leadership  in  today’s  complex  and  troubled  business  climate?  Emulating  old-think  industrialist  CEOs 
is  a  sure-fire  trip  to  the  dust  heap  of  history.  True  IT  leaders  understand  that  the  most  unambiguous  evaluation  of  leadership  is 
performance  -  its  perception  and  its  reality.  Given  the  powerful  technologies  available  at  dose-to-commodity  prices,  the  Suits  are 
not  out  of  line  in  asking,  “What  value  is  your  IT  organization  creating  today?”  It  is  time  to  shift  the  IT  engine  of  growth  out  of 
reverse  and  into  overdrive.  Tapping  into  his  extensive  research  and  consulting  work  with  hundreds  of  CIOs,  futurist  Thornton  May 
will  zero  in  on  the  reasons  so  many  IT  restructurings  fail  and  provide  powerful  insight  from  the  top  of  the  IT  food  chain.  How  are 
the  world’s  best  IT  leaders  reorganizing  IT  to  transform  business  and  gain  control  over  the  IT  supply  chain?  Thornton  will  rattle 
your  cage  and  stimulate  new  thinking  about  how  companies  should  be  mobilizing  for  the  coming  age  of  hyper-innovation. 


How  to  Ruin  Your  Life 

Ben  Stein,  Author,  Humorist,  Lawyer,  Economist,  Actor  and  Educator 


AGENDA:  TUESDAY,  MARCH  9, 2004 

www.premier100.com/cwt 


5:15pm  -  5:30pm  Final  Remarks  and  Conference  Summary 

Maryfran  Johnson,  Editor  in  Chief,  Computerworld 


7:00pm -7:30pm  Cocktail  Reception 


7:30pm -9:30pm 


Gala  Evening:  Best  in  Class  Awards  Ceremony,  Dinner, 
Honoree  Recognition  and  Entertainment 


Best  in  Class  Awards  Ceremony  sponsored  by 
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REGISTER  TODAY 

for  Computerworld’s  Premier  100  IT  Leaders  Conference 


Registration  Rates 

through  January  26, 2004 

after  January  26, 2004 

IT  End-User:* 

$1,495 

$1,795 

Non-Sponsoring  Vendor:** 

$5,000 

$5,000 

*  IT  End-Users  are  defined  as  those  who  are  attending  Computerworld's  Premier  100  IT  Leaders  Conference  with  an  intent  (and  an  IT  spending  budget)  to 
potentially  buy/purchase  hardware/software/services/etc.  from  our  conference  sponsors  and  exhibitors.  As  such,  account  representatives/business  develop¬ 
ment  from  any  company,  analysts,  and  anyone  else  attending  who  does  not  have  IT  purchasing  influence  within  their  organization  are  excluded  from  the  "IT 
End-User"  designation.  Interpretation  and  enforcement  of  this  policy  is  at  the  sole  discretion  of  Computerworld.  Questions?  Please  call  1-800-883-9090. 

*  Vendors  are  encouraged  to  participate  in  Computerworld's  Premier  100  IT  Leaders  Conference  through  sponsorship.  (Details  are  available  by  calling  Leo 
Leger  at  1-508-820-8212.)  Alternatively,  vendors  (as  well  as  other  "non-IT  end-user"  professionals  as  defined  by  Computerworld),  may  apply  for  registration  at  the 
“non-sponsoring  vendor"  rate.  Determination  of  what  constitutes  a  “non-sponsoring  vendor"  registration  is  at  the  sole  discretion  of  Computerworld. 


HOTEL  RESERVATIONS 

IDG  Travel  is  the  official  travel  company  for  Computerworld’s  Premier  100  IT  Leaders 
Conference.  They  are  your  one-stop  shop  for  exclusive  discounted  rates  on  hotel 
accommodations. 

To  reserve  a  hotel  room,  please  visit 

www.etcentral.com 

You  can  also  call  our  Conference  Housing  Line  at 

1-800-340-2262 


JW  Marriott 
Desert  Springs 
Resort 

Palm  Desert,  California 


PRE-CONFERENCE  GOLF  OUTING  sponsored  by  ^5^. 

March  7th,  12:00pm  The  value  of  t™..' 

The  Pre-Conference  Golf  Outing  at  The  Palm 
Course  at  the  JW  Marriott  Desert  Springs  Resort,  is 
complimentary  (a  $165  value)  for  registered  IT  End- 
Users.  (Other  participants,  including  sponsors  and 
vendors,  may  play  on  an  “as  available"  basis  and 
are  responsible  for  all  applicable  golf  expenses.) 

For  details:  contact  Chris  Leger  at  1-508-820-8277 


“Peer  interaction  is  an 
invaluable  takeaway 
from  Computerworld’s 
Premier  100 
Conference.  There’s 
courage  in  knowing 
that  other  IT  leaders 
are  dealing  with  the 
same  issues  and  you 
can  find  corollaries 
and  context  in  your 
interactions  here. 
Observing  industry 
leaders  makes  us  all 
a  lot  smarter  in  our 
own  decisions.” 

Curtis  Robb 
CIO 
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OPTIONS: 

All  dollar  amounts  are  in  U.S.  funds:  registrations  include  full  access  to  all  sessions,  the  Expo  and 

Networking  Lounge,  meals  and  receptions.  Transportation  and  hotel  accommodations  are  your 
responsibility.  Computerworld  reserves  the  right  to  limit  and/or  refuse  any  registration  for  any  reason. 

Earlybird 

Registration 

(through  January  26. 2004) 

Full/On-Site 

Registration 

(after  January  26, 2004) 

IT  End-User:* 

□  $1,495 

□  $1,795 

Non-Sponsoring  Vendor:** 

□  $5,000 

□  $5,000 

*  IT  End-Users  are  defined  as  those  who  are  attending  Computerworld's  Premier  100  IT  Leaders  Conference  with  an  intent  (and  an  IT  spending  budget)  to  potentially  buy/purchase  , 
hardware/software/services/etc.  from  our  conference  sponsors  and  exhibitors.  As  such,  account  representatives/business  development  from  any  company,  analysts,  and  anyone  I 
else  attending  who  does  not  have  IT  purchasing  influence  within  their  organization  are  excluded  from  the  “IT  End-User"  designation.  Interpretation  and  enforcement  of  this  policy  is  a| 
the  sole  discretion  of  Computerworld.  Questions?  Please  call  1-800-883-9090. 

'  Vendors  are  encouraged  to  participate  in  Computerworld's  Premier  100  IT  Leaders  Conference  through  sponsorship.  (Details  are  available  by  calling  Leo  Leger  at  1-508-820-8212.) 
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Reserve  your  accommodations  at:  www.etcentral.com 


Questions  about  accommodations? 

Please  call  1-800-340-2262  or  email:  eventhousing@idg.com 


Registration  Information:  (This  section  must  be  completed  in  order  to  process  your  application) 
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Company: 
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Suite,  Apt.,  etc.:. 
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□  Other 

Number  of  employees  in  your  entire 
organization  (ALL  locations): 

□  10,000* 

□  5.000-9.999 

□  1.000-4.999 

□  500-999 

□  Under  500 


Your  job  title/function: 

□  CEO/COO/Chairman/President 

□  CIO/CTO 

□  VP/GM/Director 

□  IS/IT  Director/Manager 

□  Other  IS/IT  Department 
Manager/Supervisor 

□  Other  Corporate/Business  Manager 

□  Corporate/Business  Staff 

□  Consultant  (Internal)  or  Other 

The  one  item  that  best  describes  your 
involvement  in  the  IT  purchase  process: 

□  Authorize  the  purchase 

□  Approve  the  budget 

□  Initiate  the  purchase 

□  Evaluate/recommend  products,  brands, 
vendors 

□  Identify/establish  the  need  to  purchase 

What  is  your  organization's  primary 
vendor  for  servers?: 

□  Dell 

□  Hewlett  Packard/Compaq 

□  Hitachi 

□  IBM 

□  Sun 

□  Unisys 

□  Other 


What  is  your  organization’s  most  mission 
critical  development/implementation 
project  this  year: 

□  Business  Intelligence/Data  Management 

□  Web  Services 

□  Mobile/Wireless 

□  Network  Infrastructure/Storage 

□  Security 

□  Linux 

□  Enterprise  Integration 

What  is  the  estimated  annual  revenue 
of  your  entire  organization?: 

□  $10  Billion* 

□  $1  Billion  -  $9.9  Billion 

□  $500  Million -$999  Million 

□  $100  Million  -  $499  Million 

□  Less  than  $100  Million 

What  is  your  organization's  annual 
IT/IS  budget  for  all  IT/IS  products?: 

□  Over  $1  Billion 

□  $500  Million  -  $999  Million 

□  $100  Million -$499  Million 

□  $10  Million- $99  Million 

□  $1  Million  -  $9.9  Million 

□  Less  than  $1  Million 


Payment  Method 
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□  American Express  □  VISA  □MasterCard 
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In  the  event  of  cancellation,  the  registrant  has  three  options: 

1)  He  or  she  may  substitute  another  attendee  for  this  conference. 

2)  He  or  she  may  transfer  this  registration  to  Computerworld's  2005  Premier  100  IT 
Leaders  conference. 

3)  The  registration  fee  will  be  refunded,  less  a  $250  service  charge,  if  written 
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Please  fax  this  completed  application  to  508-820-8254 
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millions  of  shares  of  stock,  mutual 
funds  and  institutional  investors  are 
necessary  players  because  of  the  scope 
involved.  But  what’s  to  stop  a  fund 
manager  or  pension  fund  from  placing 
an  order  online?  Wall  Street  isn’t  going 
out  of  business;  it  will  just  have  fewer 
people  dialing  for  dollars,  replaced  by 
more  computers  handling  the  sales  and 
record-keeping. 

Sure,  Google  and  its  investors,  Stan¬ 
ford  University  and  venture-capital 
firms  Sequoia  Capital  and  Kleiner 
Perkins  Caufield  &  Byers,  aren’t  han¬ 
kering  to  buck  the  entire  Wall  Street 
system.  After  all,  Google  tapped  Gold¬ 
man  Sachs  and  Morgan  Stanley  as  the 
brokers  to  handle  at  least  part  of  the 
IPO  sale.  But  if  rumors  turn  to  truth 
and  individuals  are  able  to  bid  for  the 
golden  goose  of  this  IT  IPO  online, 
what’s  to  stop  other  companies  from 
following  suit?  Why  pay  the  middle¬ 
man  to  move  merchandise  when  cus¬ 
tomers  —  big  and  small  —  already 
have  the  means  and  the  motives  to  buy 
1  direct?  ©  44241 


stream  and  no  longer  under 
the  complete  control  of  the 
IT  department.  In  many  cas¬ 
es,  the  computers  handed 
out  by  strained  IT  depart¬ 
ments  technologically  lag 
what  consumers  use  at 
home.  “Why  would  I  want  to 
use  the  7-year-old,  9-lb.  Dell 
that  my  IT  guys  gave  me,” 
one  executive  recently  said 
to  me,  “when  I  can  use  this 
great  new  4-lb.  Tablet  PC 
that  I  picked  up  myself  run¬ 
ning  Windows  XP?” 

IT  departments  need  to 
understand  and  actually  em¬ 
brace  this  change,  because  it’s  in  their 
best  interests.  Sophisticated  users  who 
understand  technology  are  far  more 
likely  to  support  IT  initiatives  and 
fund  projects  properly. 

While  it  might  seem  otherwise,  this 
new  “educated”  consumer  is  an  oppor¬ 
tunity  for  IT.  Don’t  try  to  segment  us¬ 
age  for  business  and  personal  devices, 
because  the  lines  between  them  are 


too  blurred.  It’s  best  to  set 
a  consistent  policy  of  what 
will  and  won’t  be  support¬ 
ed  by  IT.  For  example,  tell 
users  that  you’ll  recover 
lost  spreadsheets  on  fried 
disk  drives,  but  not  their 
vacation  JPEGs.  Likewise, 
set  a  clear  policy  on  which 
applications  are  standard 
and  supported  and  re¬ 
emphasize  the  legal  impor¬ 
tance  of  adhering  to  license 
agreements. 

Be  proactive,  not  reac¬ 
tive.  It’s  better  to  have  an 
IT-installed  and  properly 
configured  Wi-Fi  access  point  with 
proper  security  enabled  than  to  have 
someone  go  out  to  a  store,  buy  a  cheap 
Wi-Fi  router  and  set  it  up  himself. 

Encourage  your  staff  to  follow  the 
latest  trends  in  devices  like  cell  phones 
and  PDAs,  and  allocate  a  small  part  of 
your  budget  to  keep  some  of  these 
things  around  so  your  support  staff 
can  get  some  hands-on  experience. 


MICHAEL  0ARTENBER6  is 

research  director  for 
the  Client  Access  and 
Technologies  group  at 
Jupiter  Research  in 
New  York.  Contact  him 
at  michael.gartenberg® 
mindspriiiQ.com. 


The  ability  to  show  users  different  de¬ 
vices  and  guide  them  down  a  buying- 
decision  path  will  positively  increase 
your  visibility  in  the  organization, 
gaining  you  political  support  for  future 
projects.  Your  staff  will  be  happier  be¬ 
cause  they  will  get  their  hands  on  the 
latest  and  greatest  gadgets. 

Finally,  don’t  disdain  users’  fascina¬ 
tion  with  technology  —  embrace  it 
with  enthusiasm.  End  users  are  differ¬ 
ent  today.  They’re  no  longer  business 
workers  from  9:00  to  5:00  who  turn 
into  consumers  at  5:01. 

The  ability  to  support  diverse  and 
mingled  information  spaces  is  a  re¬ 
quirement,  not  a  luxury,  of  the  modern 
IT  department.  Trying  to  dam  the  flow 
of  technology  never  works.  It’s  far  bet¬ 
ter  to  channel  the  positive  aspects  of 
this  trend  and  get  some  positive  results 
organizationally  as  well.  ©  44244 


WANT  OUR  OPINION? 

OMore  columnists  and  links  to  archives  of  previous 
columns  are  on  our  Web  site: 

www.computerworld.com/columns 
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Rise  of  the 
|  Enterprise 
Consumer 

DO  YOU  REMEMBER 

the  good  old  days?  The 
days  when  computers 
were  for  business  profession¬ 
als  and  consumer  electronics 
gadgets  were  for,  well,  consumers? 

I  recall  a  time  when  IT  managers 
told  users  not  to  take  software  from 
work  to  use  at  home.  Today,  we  ask 
users  to  please  not  bring  their  applica¬ 
tions  from  home  to  the  office.  Major 
technologies  are  still  unveiled  in  Las 
Vegas,  but  at  the  Consumer  Electronics 
Show,  not  Comdex. 

If  you’re  looking  for  the  line  that 
separates  business  users  from  con¬ 
sumers,  you’d  better  look  behind  you 
because  we  have  already  crossed  it. 
Welcome  to  the  age  of  the  enterprise 
consumer,  where  both  business  and 
personal  information  are  commingled 
and  consumer-focused  digital  tech¬ 
nologies  are  purchased  not  by  IT  de¬ 
partments  but  directly  by  users  with 
|  the  expectation  that  they  will  be  used 
[(and  supported)  for  business  purposes. 
1  Today,  d  i  gital  technology  is  main- 


READERS’  LETTERS 


Offshoring’s  Shame 

I  AM  AMAZED  by  the  IT  managers 
in  the  story  “Tests  of  Leadership” 
[Premier  100  IT  Leaders  2004, 
QuickLink  43098]  who  blithely  ad¬ 
mit  that  they  have  sent  IT  work 
overseas.  I  would  have  thought  that 
this  would  be  something  to  be 
ashamed  of.  We  all  speak  of  patrio¬ 
tism,  but  that  sounds  pretty  shallow 
when  we  happily  undermine  our 
own  country,  its  workforce  and,  ulti¬ 
mately,  its  future  for  the  sake  of 
short-term  cash  flow  and  share¬ 
holder  greed.  This  kind  of  reckless 
abandonment  of  our  most  precious 
asset  will  ultimately  shake  the  foun¬ 
dations  of  our  country  as  effectively 
as  any  terrorist  attack. 

Garry  Kidson 

Systems  architect,  Zaphod 
Consulting,  Sacramento,  Calif., 
gjkidson@comcast.net 


Change  Is  Inevitable 

HAVE  BEEN  READING  about  IT 

people  complaining  about  job  mi¬ 
gration  to  Asia  for  a  while  now,  and 
I’ve  finally  decided  to  put  my  two 
cents  in.  Thinking  that  politicians 
will  save  workers’  jobs  is  an  idle 
hope,  since  large  corporations’  ma¬ 
jor  political  contributions  indicate 
that  they  want  this  change.  How¬ 


ever,  we  should  look  at  what  hap¬ 
pened  to  the  U.S.  automobile  in¬ 
dustry  in  the  late  70s  and  early 
'80s.  Asian  competitors  threatened 
to  wipe  the  U.S.  makers  out,  but  af¬ 
ter  some  harsh  times  of  reshaping 
and  reinventing  themselves,  the 
U.S.  industry  came  out  very  healthy 
and  viable,  and  it  will  never  be  in 
such  dire  straits  again.  Life,  just  like 
business,  is  all  about  change.  Trying 
to  maintain  the  status  quo  inevitably 
leads  to  harsher  and  more  difficult 
changes  that  will  leave  deeper 
scars.  So  instead  of  complaining,  I 
suggest  we  look  at  the  situation  at 
hand,  adapt  to  it  and  reinvent  IT  as 
a  viable  U.S.  industry. 

J.  Clent 
San  Francisco 


Business  Rules 
Yield  Web  Security 

THE  TECHNICAL  ASPECTS  of 

Web  services  security  are  trivial 
to  solve  once  the  business  issues 
are  understood  -  and  costed 
[“Overcoming  Web  Services  Inse¬ 
curities,”  QuickLink  42781],  The  3A 
issues  (authentication,  authoriza¬ 
tion  and  accountability)  demand 
that  comprehensive  business  rules 
and  logic  be  implemented,  particu¬ 
larly  if  the  wrong  technology  is  cho¬ 
sen.  And  using  the  best  account¬ 


ability  processes,  with  the  globally 
trusted  authentication  embodied  in 
commercial  agreements,  SLAs  and 
passwords,  is  by  far  the  cheapest 
and  most  effective  assured  mes¬ 
saging  model. 

Lyal  Collins 
CTO,  Key2ITPty., 

Sydney,  Australia 


Limiting  Thin-Client 
Apps  Isn’t  Easy 

THE  THIN-CLIENT  STRATEGY 

works  well  if  you  can  limit  the 
number  of  applications  in  use  [“De¬ 
manding  a  Better  Desktop  Alterna¬ 
tive,”  QuickLink  43511],  But  in  my 
experience,  this  hasn’t  been  possi¬ 
ble.  The  number  of  applications  I 
have  to  provide  is  growing,  and  the 
limitations  that  I  have  with  thin 
clients  are  more  than  equal  to  the 
technical  and  financial  benefits. 
Maximilian  Weigmann 
Vilsbiburg,  Germany 


No  Cobol  in  Sight 

I  WAS  STUNNED  to  read  the  letter 
“Java  Can’t  Take  the  Place  of 
Cobol”  in  the  Jan.  12  issue  [Quick¬ 
Link  43433].  Ian  Archibell  claimed 
that  a  2003  survey  of  academic  in¬ 
stitutions  showed  that  “more  than 
three  quarters  of  the  respondents 


continue  to  require  learning  Cobol 
as  an  integral  part  of  their  computer 
science  programs." 

Well,  as  a  recent  computer  en¬ 
gineering  graduate,  I  can  honestly 
tell  you  that  virtually  every  computer 
science  department  in  the  country 
requires  students  to  program  in 
either  C,  C++  or  Java.  Cobol  is  rarely 
even  offered  as  a  course  option. 
Therefore,  I  strongly  doubt  his  claim 
of  Cobol’s  widespread  use  among 
computer  science  students.  Don’t 
get  me  wrong:  Cobol  is  still  useful 
in  many  legacy  business  applica¬ 
tions.  But  its  general  use  is  declin¬ 
ing,  whereas  that  of  Java  is  continu¬ 
ing  to  rise. 

Li  Yang 

Santa  Clara,  Calif, 
liy@engin.umich.edu 
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N  LINUX  DELIVER  LOWER  TCO? 


Microsoft' 


"We  conducted  a  major  TCO  study  to 
explore  Microsoft  and  Linux  solutions 
for  our  needs.  In  the  end,  we  found  that 
the  TCO  for  the  Windows  Server  System ™ 
approach  was  about  20  percent  less 
expensive  than  Linux." 

— Keith  Morrow,  CIO,  7-Eleven,  Inc.,  U.S. 


7-Eleven  chose  Microsoft  over  Linux  because  of  the  20  percent  savings  in  total  cost  of  ownership 
for  their  5,800  U.S.  and  Canadian  stores'  highly  complex  POS  system.  In  their  evaluation,  7-Eleven 
was  looking  for  an  option  that  could  meet  serious  technical  requirements  with  a  low  TCO.  Their 
study  found  that  only  the  Microsoft®  platform  could  meet  their  criteria.  To  get  the  full  7-Eleven 
case  study  and  more  third-party  findings,  visit  microsoft.com/getthefacts 


O  2004  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  the  Windows  logo,  and  Windows  Server  System  are  either  registered  trademarks  or  trademarks  of 
Microsoft  Corporation  in  the  United  States  and/or  other  countries.  7-ELEVEN®,  the  7-ELEVEN  Design  and  OH  THANK  HEAVEN®  are  registered  trademarks  of  7-Eleven,  Inc 
The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 
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A  NETWORK  OUTAGE  THREATENS 

HUT  DOWN  GLOBAL  DISTRIBUTION 


•  • 


hi-,  •- 


E  IT  STAFF  HAS  2  HOURS  TO  FIND 
ID  FIX  THE  PROBLEM. 


•  ■  ""  ‘ 


CAN  YOUR  SOFTWARE  KEEP  BUSINESS  FROM  DISAPPEARING? 


Business  Service  Management  solutions  from 
BMC  Software^  can.  In  fact,  they  let  you  predict 
critical  performance  problems  and  resolve  them 
before  they  ever  impact  your  business.  And  you 
can  prioritize  IT  management,  investments  and 
resource  allocations  to  optimize  your  business 
erformance.  So  you  can  solidly  align  your  IT 
investments  with  strategic  business  goals. 


And  protect  the  delivery  of  vital  business  services 
like  sales,  customer  service,  online  transactions, 
logistics  and  distribution  —  whatever  is  most 
critical  to  your  company's  success.  It's  enterprise 
management  software  that  works  with  your  existing 
IT  resources  to  let  you  manage  what  matters  from 
a  business  perspective  and  execute  with  precision. 
Find  out  how  at  www.bmc.com/bsm51 


BMC  Software  Ine. 


<bmcsoftware 


SECURITY  MANAGER’S  JOURNAL 

Developer  Tool  Kit 
Raises  Backdoor  Alarms 

When  antivirus  software  detects  back¬ 
door  code  embedded  in  critical  applica¬ 
tions,  Vince  Tuesday  tracks  the  source 
to  a  development  tool  kit.  Page  24 


QUICKSTUDY 

ETL 

Extract,  transform  and  load  software  enables 
companies  to  move  data  from  multiple  sources, 
reformat  and  cleanse  it,  and  load  it  into  another 
database,  a  data  mart,  a  data  warehouse  or 
another  operational  system.  Page  23 


LEGACY 

proper  disposal  of  obsolete  IT  equipment  is  fast  becoming 
a  major  lia  ty  for  o  rp  ations. 


QUOTE  OF  THE  WEEK 


The  damage  from 
mismanaged  outsourcing 
will  always  exceed  the  potential 
benefits  from  anticipated  IT  cost 
reductions. 


-  Columnist  Paul  A.  Strassmann, 
former  CIO  at  NASA,  page  25 
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Number  of  PCs 
junked  in  the 
U.S.  in  2003 


HEN  KAISER  Permanente 
began  a  program  to  dis¬ 
pose  of  its  obsolete  com¬ 
puter  equipment  two 
and  a  half  years  ago,  it 
was  motivated  more  by 
cost  concerns  than  by 
the  desire  to  properly 
dispose  of  products  with  potentially 
toxic  content. 

“My  boss  was  concerned  with  more 
space  being  taken  up  by  excess  and  used 
equipment,”  says  Jim  Regan,  manager  of 
IT  facilities  at  the 
Oakland,  Calif.-based 
|d  health  care  manage¬ 
ment  company,  noting 
that  the  idle  assets  ac- 
||  crued  storage  and 
property  tax  charges. 

|5  But  he  quickly  real¬ 
ized  that  the  disposal 
of  IT  waste,  which 
contains  many  toxic 
substances,  presented  a  potentially  large 
and  growing  liability  risk  to  Kaiser. 

Growing  public  awareness  of  the  haz¬ 
ards  of  e-waste  and  a  rising  tide  of  regu¬ 
lations  have  increased  the  pressure  to  re¬ 
cycle  IT  products  and  set  the  stage  for 
higher  disposal  costs.  Meanwhile,  low- 
cost  bidders  for  IT 
equipment  disposal 
services  may  be  work¬ 
ing  through  brokers  to 
send  equipment  to  de¬ 
veloping  countries  —  a 
controversial  practice 
—  or  to  illegal  waste 
dumps  in  the  U.S.  Fail¬ 
ure  to  establish  best 
practices,  thoroughly 
check  out  vendors  and 
create  an  audit  trail 
may  leave  companies  on  the  hook  for 
hefty  fines,  lawsuits  and  a  barrage  of 
negative  publicity. 

A  typical  CRT  monitor  contains  three 
to  nine  pounds  of  lead,  recyclers  say. 

And  printed  circuit  boards  contain 
beryllium,  cadmium,  flame  retardants 
and  other  compounds  that  can  contami¬ 
nate  the  air  and  groundwater  and  expose 


Number  of  PCs 
the  EPA  esti¬ 
mates  will  end 
up  in  landfills  by 
the  end  of  2004 
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Stacks  of  unused  equipment  (right),  many  with  corporate  asset  tags  clearly  visible,  end 
up  in  illegal  landfills  or  in  places  like  Guiya,  China,  where  a  worker  (left)  wearing  no  pro¬ 
tective  gear  pours  acid  on  circuit  boards  to  reclaim  precious  metals, 


humans  to  carcinogens  and  other  tox¬ 
ins  when  equipment  is  shredded, 
burned  or  sent  to  a  landfill.  According 
to  the  U.S.  Environmental  Protection 
Agency,  e-waste  is  now  the  fastest- 
growing  waste  stream  in  the  U.S. 

Until  now,  only  electronics  manufac¬ 
turers  have  been  under  pressure  from 
activists  and  regulators  to  reduce  toxic 
content  in  their  products  and  limit  hu¬ 
man  exposure  to  toxins  used  in 
their  manufacturing  processes. 

That’s  changing. 

The  European  Union  took 
the  lead  on  end-of-life  issues 
when  it  issued  two  directives 
on  e-waste  aimed  at  manufac¬ 
turers  early  last  year.  One  re¬ 
quires  vendors  that  sell  IT 
products  in  Europe  to  phase 
out  some  particularly  danger¬ 
ous  toxins,  including  lead,  mer¬ 
cury,  cadmium,  hexavalent  chromium 
and  bromated  fire  retardants,  from 
electronics  products  by  2006.  The  oth¬ 
er  holds  manufacturers  responsible  for 
end-of-life  disposal  costs  for  their 
products. 

Meanwhile,  a  wave  of  e-waste  regu¬ 
lations  is  beginning  to  roll  across  the 
U.S.  A  new  California  law  assesses  an 
upfront  fee  for  every  CRT  purchased 
to  cover  recycling  costs,  bars  the  ex¬ 
port  of  e-waste  and  requires  a  phase¬ 
out  of  the  toxic  substances  cited  in  the 
EU  directive.  California  and  a  few  oth¬ 
er  states  also  have  banned  landfill  dis¬ 
posal  of  some  IT  products,  such  as 
monitors.  In  all,  more  than  24  new  bills 
are  working  their  way  through  state 
legislatures,  according  to  Gartner  Inc., 
creating  a  patchwork  of  inconsistent 
rules  that  organizations  must  follow 
and  the  potential  for  stiff  fines  for 
those  that  don’t. 

But  a  more  troubling  aspect  of  the 


issue  for  Kaiser’s  Regan  came  to  light 
early  in  2002,  when  two  activist  groups 
released  a  graphic  and  controversial 
report  on  the  export  of  U.S.  e-waste  to 
developing  countries.  The  report,  re¬ 
leased  by  the  Basel  Action  Network 
(BAN)  and  Silicon  Valley  Toxics  Coali¬ 
tion  (SVTC),  asserted  that  50%  to  80% 
of  e-waste  collected  in  the  U.S.  is  ex¬ 
ported  to  developing  countries.  It  in¬ 
cluded  disturbing  pictures  of 
children  in  the  Chinese  vil¬ 
lage  of  Guiyu  playing  amid 
mountains  of  discarded  IT 
products,  and  laborers  smash¬ 
ing  monitors  by  hand  out¬ 
doors  and  pouring  acid  over 
circuit  boards  to  remove  valu¬ 
able  metals.  Clearly  visible  in 
some  of  the  pictures  were  the 
asset  tags  of  private  and  pub¬ 
lic  U.S.  organizations  that 
previously  owned  the  equipment. 

Follow-up  stories  confirming  the 
e-waste  situation  in  Guiyu  appeared  in 
major  U.S.  newspapers,  including  The 
Washington  Post  and  the  San  Jose  Mer¬ 
cury  News.  But  as  the  media  and  ac¬ 
tivists  focused  on  Dell  Inc.  and  other 
producers  as  the  culprits,  Kaiser’s  man¬ 
agement  saw  the  potential  for  damage 
to  the  company’s  reputation  and  brand 
name  if  its  equipment  were  to  appear 
in  such  an  expose.  Exporting  e-waste 
isn’t  illegal  in  the  U.S.,  but  Regan  began 
to  get  calls  from  worried  doctors  in  his 
company’s  executive  ranks. 

By  that  time,  however,  he  had  al¬ 
ready  worked  out  an  arrangement  with 
Redemtech  Inc.,  a  Hilliard,  Ohio-based 
recycler  that  handles  the  disposition  of 
obsolete  IT  equipment.  Regan’s  con¬ 
tract  specifies  a  zero-landfill  policy,  in¬ 
cludes  written  assurances  that  Redem- 
tech’s  recycling  subcontractors  don’t 
export  any  e-waste  products  and  calls 


for  documentation  of  the  final  disposi¬ 
tion  of  all  IT  products.  Regan  uses  the 
reports  to  pull  assets  off  the  books  and 
to  protect  the  company  from  liability 
lawsuits.  “We  went  into  this  with  a 
risk-mitigation  point  of  view.  You  real¬ 
ly  have  to  make  sure  that  nothing  on 
the  back  end  sullies  your  reputation,” 
he  says. 

Regan  may  have  been  ahead  of  the 
curve  in  thinking  about  these  issues, 
but  considering  the  volume  of  e-waste 
that  companies  like  his  generate  — 
Kaiser  has  disposed  of  65,000  pieces  of 
IT  equipment  over  the  past  two  years 
—  he’s  convinced  that  it’s  just  a  matter 
of  time  before  environmental  groups 
make  an  example  of  a  large  corporate 
user  of  IT  products.  “Do  your  home¬ 
work  and  make  sure  you  have  your 
back  covered,”  he  advises. 

Dell  became  such  an  example  on  the 
vendor  side.  Ted  Smith,  founder  of  the 
San  Jose-based  SVTC,  says  that  his  or¬ 
ganization  singled  out  the  PC  direct 
marketer  for  criticism  last  year,  issued 
negative  reports  on  its  recycling  poli¬ 
cies  and  picketed  company  offices  and 
even  the  offices  of  CEO  Michael  Dell’s 
wife.  “We  decided  that  they  would 
make  a  great  target,”  he  says,  noting 
that  since  the  SVTC  campaign,  the 
vendor  has  “begun  to  take  these  issues 
more  seriously.” 

The  tactic  worked:  Dell,  IBM  and 
Hewlett-Packard  Co.  all  say  they  now 
offer  computer  return  programs  and 
recycle  collected  IT  products. 


Jim  Puckett,  coordinator  of  Seattle- 
based  BAN,  which  opposes  the  expor¬ 
tation  of  hazardous  e-waste  to  develop¬ 
ing  countries  and  works  closely  with 
the  SVTC,  says  a  high-profile  user  of 
IT  products  will  be  his  organization’s 
next  target.  “We’re  going  to  start  going 
after  some  institutions  now  and  mak¬ 
ing  examples  of  them  in  a  positive  and 
negative  way.  We’re  going  to  be  putting 
pressure  on  the  users,”  he  says. 

Meanwhile,  many  IT  organizations 
remain  ignorant  of  the  legal  and  tech¬ 
nical  issues  surrounding  proper  dis¬ 
posal  of  IT  equipment.  “I  still  talk  to 
clients  on  a  daily  basis  and  they  have 
no  idea  what’s  going  on.  You’d  think 
that  they  would  know  at  this  point  that 
you  can’t  just  throw  this  stuff  out,”  says 
Gartner  analyst  Frances  O’Brien. 

E-waste  Economics 

Many  IT  organizations  avoid  the  prob¬ 
lem  simply  by  storing  obsolete  and  un¬ 
used  equipment  —  a  costly  proposi¬ 
tion  that  both  manufacturers  and  recy¬ 
clers  say  will  get  only  more  expensive 
as  the  costs  of  both  storage  and  dispos¬ 
al  increase.  “The  No.  1  solution  for 
IT  disposal  today  is  storage,”  says 
Lennie  Myers,  a  vice  president  at 
Austin-based  recycler  Image  Micro¬ 
systems  Inc. 

When  it  comes  time  to  remove 
equipment  from  service,  few  compa¬ 
nies  have  budgeted  for  proper  dispos¬ 
al,  and  fewer  still  want  to  convince  the 
chief  financial  officer  to  spend  the  $30 


1  LEASE  EQUIPMENT  so  that  the 
to  the  equipment  transfers  to 
ing  company  at  the  end  of  the 
along  with  the  disposition  1 

2  DISPOSE  OF 

when  it’s  remow 

3  BUNDLE  DISPOSAL  COS 

new  purchases  by  including  i 
position  of  old  IT  assets  in  the  RF 
equipment  that  replaces  ft. 

4  EMPTY  THE  IT 
pose  of  unused,  s 
mediately.  This 
costs  and  property  taxes 
costs  that  are  likely  t 

5  INCLUDE  A  C01 
ERATING  SYSTEM 

equipment, 
ing  system  are  likely 
shipped 
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per  PC  that  O’Brien  says  proper  dis¬ 
posal  of  an  obsolete  PC  typically  costs. 
This  problem  has  arisen  because  the 
end-of-life  economics  have  changed. 
While  disposal  costs  have  increased, 
the  prices  of  used  PCs  have  dropped  to 
the  point  where  a  typical  system  has 
little  or  no  residual  value  after  just  30 
months,  according  to  Dell.  In  the  past, 
an  IT  organization  could  dispose  of 
equipment  after  three  years  and  re¬ 
ceive  a  few  dollars  back,  but 
today,  it’s  more  likely  to  incur 
a  net  cost. 

“There  is  a  de  facto  motiva¬ 
tion  for  people  to  cut  corners 
in  managing  end-of-life 
[issues],”  says  Bob  Houghton, 
Redemtech’s  president. 

“You  can  still  get  a  guy  in  a 
little  red  truck  to  haul  away 
your  PCs,  so  nobody  wants  to 
focus  on  this  issue,”  says  an  IT  executive 
at  a  large  financial  services  company, 
who  asked  not  to  be  identified.  With¬ 
out  executive  sponsorship  of  a  respon¬ 
sible  disposal  policy,  he  says,  business 
units  will  continue  to  throw  equipment 
into  Dumpsters  rather  than  incur  a  $25- 
per-unit  disposal  fee  billed  through  an 
internal,  IT-sponsored  program. 

The  executive  was  able  to  gain  sup¬ 
port  for  responsible  recycling  by  fo¬ 
cusing  on  problems  with  improper 
erasure  of  data  on  the  hard  disk  drives 
of  discarded  PCs  and  the  risk  of  non- 
compliance  with  Health  Insurance 
Portability  and  Accountability  Act  pri¬ 
vacy  regulations.  Vendors  such  as  Im¬ 
age  Microsystems  and  Redemtech  ver¬ 
ify  and  document  disk  erasure  as  part 
of  their  services.  Because  of  the  extra 
costs  of  responsible  disposal,  the  exec¬ 
utive  says,  it  will  take  the  negative 
publicity  of  a  “Martha  Stewart  type  of 
case”  before  businesses  will  fund 
proper  disposal  practices. 

“There  are  bad  things  happening.  As 
a  corporation,  you  need  to  prove  you 
did  due  diligence,”  O’Brien  says.  That 
means  tracking  assets  and  having 
proof  of  sale  or  proper  disposal  — 
something  most  companies  don’t  do. 
Despite  the  risk  of  negative  publicity, 
it’s  legal  and  relatively  inexpensive  to 
work  with  brokers  that  export  IT 
equipment  overseas.  Even  recyclers 
that  say  they  don’t  export  may  send 
some  equipment  or  components  to 
downstream  brokers  that  do  export  it. 
Or  the  equipment  could  end  up  in  a 
field  somewhere  unless  you’ve  verified 
the  vendor’s  practices  and  tracked  the 
asset  properly,  O’Brien  says. 

She  says  one  client  received  an  offer 
to  remove  3,000  dead  monitors  for  $3 
each,  well  under  the  going  rate  of  $7  to 
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$35.  “Three  months  later,  he  got  a  call 
from  the  Department  of  Environmen¬ 
tal  Protection  asking,  ‘Why  are  your 
monitors  in  this  field?’  ”  O’Brien  says. 
Investigators  such  as  the  EPA  can 
quickly  trace  equipment  back  to  its 
original  owner  through  serial  numbers 
or  asset  tags. 

“If  we  can’t  prove  we  transferred 
that  title,  we’re  liable,”  says  the  finan¬ 
cial  services  company  executive.  That 
means  paying  cleanup  costs 
and  fines. 


Thinking  Ahead 


Average  cost  to 
dispose  of  an 
end-of-life  PC 


So,  what’s  an  IT  executive  to 
y  do?  “The  best  place  to  [address 
2  disposal  of  IT  assets]  is  where 
E  the  competition  is,  which  is 
“  upfront,”  says  Regan.  He  now 
|  includes  specific  terms  for  the 
"  disposal  of  existing  IT  assets 
as  part  of  requests  for  proposals  for 
new  equipment.  And  he’s  moving  to¬ 
ward  more  leasing,  which  takes  the 
problem  off  his  plate.  All  of  Kaiser’s 
250,000  IT  assets,  including  those  that 
go  back  to  vendors  or  leasing  compa¬ 
nies,  are  processed  by  Redemtech  as 
they’re  retired.  The  vendor  collects  the 
equipment,  wipes  the  disks,  refurbish¬ 
es,  recycles  or  returns  the  equipment, 


and  provides  written  verification. 

“We’re  looking  at  a  net  cost  per  PC 
of  $18.40,  and  the  monitors  are  $23.71 
on  a  net  basis.  We’ve  budgeted  those 
disposal  costs,”  Regan  says.  The  total 
tab  for  processing  19,906  monitors  and 
38,204  desktops  over  two  and  a  half 
years  is  approximately  $1.2  million. 

That  may  sound  expensive,  but  IT 
organizations  should  be  wary  of  ven¬ 
dors  that  offer  disposal  services  at  lit¬ 
tle  or  no  cost.  “They  need  to  be  cog¬ 
nizant  of  what  may  be  happening  to 
those  materials  . . .  and  do  due  dili¬ 
gence  on  those  vendors,”  says  Tod  Ar- 
bogast,  senior  manager  of  asset  recov¬ 
ery  services  at  Dell. 

Don’t  sit  on  IT  equipment  that  has 
reached  the  end  of  its  life,  says  Wayne 
Balter,  vice  president  of  corporate  en¬ 
vironmental  affairs  at  IBM.  John  Mont¬ 
gomery,  chief  technology  officer  at 
Marine  Terminals  Corp.  in  San  Pedro, 
Calif.,  says  his  company  had  a  “ware¬ 
house  full  of  computers”  but  has  got¬ 
ten  rid  of  them  through  an  organiza¬ 
tion  that  recycles  them.  Montgomery 
refreshes  20%  of  his  PCs  each  year  but 
keeps  monitors  longer,  which  saves 
money  upfront  and  delays  disposal 
costs  on  the  back  end.  He’s  also  gradu¬ 
ally  shifting  to  LCD  panels,  which  use 


less  energy  and  don’t  contain  the 
heavy  amounts  of  lead  found  in  CRTs, 
although  fluorescent  backlighting  in¬ 
troduces  small  amounts  of  another 
toxic  substance  —  mercury. 

Users  may  eventually  reduce  back¬ 
end  recycling  costs  by  purchasing  prod¬ 
ucts  that  have  lower  toxic  content  at  the 
front  end.  For  example,  the  European 
TCO  and  Blue  Angel  certification  labels 
provide  assurance  that  some  toxic  ma¬ 
terials  aren’t  present  in  displays  and 
desktops,  respectively.  But  manufactur¬ 
ers  will  never  be  able  to  completely 
remove  all  toxic  content  from  electron¬ 
ic  products.  The  best  approach  for  IT 
products,  Houghton  says,  is  to  “assume 
everything  is  hazardous.”  ©  43804 

MORE  E-WASTE 

It’s  Not  Easy  Being  Green:  Manufacturers  and 
researchers  say  there  are  no  simple  answers  to  the 
recycling  problem:  QuickLink  43807 

Vet  Your  Vendors:  Read  the  vendor  requirements  and 
questionnaire  documents  one  Fortune  500  company 
used  to  choose  a  responsible  recycling  contractor: 

QuickLink  44350 

Vendors  Respond:  Manufacturers  are  working  to 
remove  toxins  and  promote  recycling  of  their  products: 

QuickLink  43806 
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WHAT’S  IN  A  PC?  AN  INGREDIENTS  LIST 


Lead:  Pervasive  in  circuit-board  solder  and  CRT  monitor 
glass.  Can  cause  mental  development  problems  in  children 
and  increased  blood  pressure  in  adults.  Long-term  effects 
include  stroke,  kidney  disease  and  cancer. 

Hexavalent  chromium:  Used  for 
corrosion  protection  and  as  a  hard¬ 
ener  in  metal  housings.  A  recog¬ 
nized  carcinogen.  May  also  cause 
respiratory  problems. 


NOTE:  Substances  listed  in  red  must  be  phased  out 
under  California  and  European  Union  regulations. 


Mercury:  Used  in  LCD  backlight¬ 
ing,  circuit  boards,  some  switches. 
Known  to  cause  birth  defects,  ele¬ 
vated  blood  pressure  and  heart 
problems. 

Cadmium:  Found  in  batteries, 
printed  circuit  boards,  some  plas¬ 
tics.  Ranked  among  the  most  haz¬ 
ardous  chemicals  by  the  EPA,  cad¬ 
mium  is  a  known  carcinogen  and 
can  cause  developmental  and  re¬ 
productive  problems. 

Beryllium:  Used  in  circuit  boards. 
A  known  carcinogen.  Suspected  to 
cause  kidney,  liver,  respiratory,  car¬ 
diovascular  and  other  problems. 


Barium:  Used  in  CRTs  to 
block  radiation.  Suspected  to 
cause  reproductive,  develop¬ 
mental,  neurological  and  res¬ 
piratory  problems. 

Phosphorous:  Found  in 
CRTs.  A  suspected  hazard, 
but  toxicity  is  undocumented. 
Considered  hazardous  under 
the  Federal  Clean  Air  Act. 


Plastics:  In  circuit 
boards,  housings,  cables 
and  connectors.  Can  re¬ 
lease  dioxin  when  burned. 
Dioxin  is  a  documented 
carcinogen  and  suspected 
developmental  toxin. 

Brominated  flame  retardants:  Include  polybrominated  biphenyls 
and  polybrominated  diphenyl  ethers,  both  used  in  plastics.  Con¬ 
firmed  carcinogens.  Cause  birth  defects.  Suspected  to  cause  repro¬ 
ductive,  neurological  and  endocrine  problems. 


SOURCES:  SILICON  VALLEY  TOXICS  COALITION.  TEXAS  TECH  UNIVERSITY.  IMAGE  MICROSYSTEMS.  EPA.  ENVIRONMENTAL  DEFENSE 


TECHNOLOGY 


tl  COMPliiERWORLD  February  2, 2004 


www.computerworld.com 


App-Layer 

Battleground 


Having  a  firewall,  virtual  private  net¬ 
work,  e-mail  gateway  and  intrusion- 
detection  system  isn’t  enough;  today’s 
threats  increasingly  come  through  appli¬ 
cation-layer  attacks,  says  WebCohort 
Inc.  CEO  Shlomo  Kramer.  His 
company  offers  software  to  de¬ 
tect  and  thwart  such  attempts, 
but  the  concept  has  yet  to  gain 
wide  acceptance.  In  a  conver¬ 
sation  with  Computerworld’s  Robert  L. 
Mitchell,  Kramer  discusses  how  the  na¬ 
ture  of  attacks  are  changing,  why  so 
many  Web  applications  are  vulnerable 
and  what  he  has  learned  after  complet¬ 
ing  300  penetration  assessments. 

How  has  information  security  changed  since 
you  co-founded  Check  Point  Software  in 
1993?  Ten  years  ago,  [Check  Point] 
came  out  with  Fire  Wall-1,  the  first  com¬ 
mercial  firewall.  There  were  three  ser¬ 
vices:  FTP,  Telnet  and  e-mail.  Today, 
we’re  talking  about  enterprise  applica¬ 
tions,  hundreds  of  applications,  Web 
servers,  databases  where  everything 
changes  all  the  time.  Everything  is  very 
complex  and  very  dynamic.  The  old 
firewalls  cannot  cope  with  the  dynam¬ 
ics  of  adding  the  applications  you  want 
to  add  every  week.  An  architecture  that 
worked  for  the  network  layers  will  not 
work  at  the  application  layer. 

WebCohort’s  SecureSphere  places  sensors 
on  a  network  to  analyze  the  communications 
between  users  and  applications  over  the 
Web.  It  examines  anomalies  from  normal  ac¬ 
tivity  patterns  and  then  decides  whether  a 
session  constitutes  an  attack.  Can  you  give 
an  example  of  how  that  might  work?  In  a 
buffer  overflow  situation,  programs 
don’t  check  the  length  of  the  [input] 
parameter.  You  can  inject  a  string 
that’s  too  long  and  take  control  of  the 
application  or  crash  the  server.  So  the 
hacker  tries  to  inject  long  strings.  Se¬ 
cureSphere  sees  that  one  parameter  is 
too  long  and  that  the  application  re¬ 
turned  an  error  code. 

With  one  event,  you  can’t  do  any¬ 


thing.  But  if  in  two  minutes  I  see  10  or 
20  of  these  going  back  and  forth,  I  can 
say  with  a  very  high  level  of  certainty 
that  this  session  is  trying  to  do  buffer 
overflow,  so  this  session  needs  to  be 
terminated. 

This  is  a  very  simple 
example,  but  this  is  the 
way  we  use  the  structural 
anomaly.  We  find  them,  we 
correlate  them  over  time,  and  we  find 
enough  evidence  to  say  this  is  a  bad 
thing. 

How  many  large  companies  are  using  such 
tools  today?  This  is  the  very  beginning 
of  the  market.  Only  the  very  early 
adopters  are  using  this  or  considering 
using  this  type  of  tool. 

Does  that  mean  users  aren’t  really  having 
these  types  of  problems?  One  of  the  ser¬ 
vices  we  provide  is  penetration  testing. 
One  of  our  recent  clients  was  one  of 
the  10  largest  banks  in  the  U.S.  They’d 
invested  in  firewalls  and  network  in¬ 
trusion  prevention,  all  of  this  infra¬ 
structure.  They  were  pretty  certain 
about  their  security.  They  gave  us  four 
days  to  penetrate  their  online  banking 
system.  All  we  had  was  an  [online]  ac¬ 
count.  It  took  us  three  hours  to  pene¬ 


trate  that  custom  application  and  gain 
full  access  to  all  online  accounts.  This 
was  completely  unnoticed  by  any  of 
the  infrastructure  firewalls  and  intru¬ 
sion-prevention  products  because  it 
happened  entirely  within  the  applica¬ 
tion.  We  have  tested  almost  300  appli¬ 
cations  in  the  last  four  years,  and  the 
majority  of  them  —  more  than  95%  of 
them  —  have  major  security  issues, 
major  vulnerabilities. 

What  types  of  applications  tend  to  be  most 
vulnerable?  It  goes  much  beyond  the 
bugs  in  [Microsoft’s]  IIS  or  SQL  Server. 
The  real  problem,  the  most  dangerous 
one,  is  that  the  bugs  in  the  custom 
code,  the  code  that  implements  the 
business  process,  that  implements  ac¬ 
cess  to  the  information  in  the  database, 
is  very  vulnerable. 

Of  the  300-odd  penetration  tests  you  did, 
what  were  the  most  common  vulnerabili¬ 
ties?  Two  out  of  three  sites  were  vul¬ 
nerable  to  SQL  injections.  Four  out  of 
five  sites  were  vulnerable  to  cross-site 
scripting.  Two  out  of  three  sites  were 
vulnerable  to  parameter  tampering. 
These  three  are  at  the  top  of  the  list. 

From  your  experience,  what  percentage  of 
Web  applications  have  been  properly  de¬ 
signed  with  security  in  mind?  A  very  small 
percentage. 

Shouldn’t  organizations  be  focusing  on  fixing 
those  vulnerabilities,  rather  than  just  detect¬ 
ing  exploits?  The  basic  programming 
methodologies  that  need  to  be  ad¬ 
dressed  are  simple.  All  of  this  is  well 
documented.  The  key  is,  how  do  you 
make  [the  use  of  secure  coding  meth¬ 
odologies]  consistent?  Time  goes  by, 
and  modules  are  added  and  changed. 

Beyond  that,  there  are  many  vulner¬ 
abilities  that  are  not  technical  but  logi¬ 
cal.  These  are  much  harder  to  protect 


App-Layer  Vulnerabilities 
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SOURCE:  PENETRATION  TESTS  CONDUCTED  BY  WEB¬ 
COHORT’S  APPLICATION  DEFENSE  CENTER  OF  300 
CORPORATE.  GOVERNMENT  AND  OTHER  CLIENT  SITES 
OVER  THE  PAST  FOUR  YEARS 

against,  in  terms  of  making  sure  they 
don’t  go  into  the  code  —  the  logic  of 
the  modules  and  the  way  they  interact. 
These  will  always  be  there.  Even  with 
the  best  practices,  you  will  always  be 
faced  with  enterprise  applications  with 
serious  vulnerabilities.  You  will  always 
have  bugs. 

The  network  security  perimeter  is  too  crowd¬ 
ed  as  it  is.  Why  not  consolidate  this  function 
into  firewalls  or  other  security  appliances? 

This  is  a  separate  class  of  product,  and 
someone  needs  to  provide  a  platform 
for  securing  access.  I  don’t  see  why 
this  needs  to  be  consolidated  with  the 
platform  that  controls  the  traffic  in  the 
network.  They  are  two  problems  that 
need  to  be  solved  separately. 

Check  Point  already  offers  a  function  called 
Application  Intelligence  in  its  FireWall  prod¬ 
uct.  If  we  look  at  Check  Point  and  Ap¬ 
plication  Intelligence,  it’s  the  same  ba¬ 
sically  as  the  network  intrusion  pre¬ 
vention.  These  are  products  that  work 
at  the  network  layer  and,  using  signa¬ 
tures,  protect  against  known  attacks. 
But  they  do  not  protect  the  application 
against  unknown  attacks.  We  track 
users  over  time.  We  know  how  a  nor¬ 
mal  user  behaves,  and  we  identify  the 
malicious  sessions  by  clues  we  collect 
over  time  until  there’s  enough  evidence 
that,  hey,  this  user  is  trying  to  do  some¬ 
thing  bad.  This  is  a  completely  differ¬ 
ent  level  of  technology  than  the  infra¬ 
structure  security  players  can  provide. 

What  do  users  need  to  do  to  ensure  success¬ 
ful  deployment  of  security  tools?  You  need 
to  understand  what  you’re  doing  and 
what  your  security  policy  is.  Which 
alerts  do  you  use,  what  do  you  want  to 
do  with  your  alerts,  where  do  you  want 
to  send  them,  and  what  do  you  want  to 
block?  If  what  you  configure  does  not 
match  your  policy,  that’s  a  problematic 
situation.  ©  43959 
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ETL 

r  DEFINITION  | 

ETL  stands  for  extract,  transform  |1 
and  load,  the  processes  that  en-  m 
able  companies  to  move  data  H 
from  multiple  sources,  reformat  f  j 
and  cleanse  it,  and  load  it  into  || 
another  database,  a  data  mart  or  H 
a  data  warehouse  for  analysis,  or  Igf 
on  another  operational  system  to  B 
support  a  business  process.  11 


BY  MARC  L.  SONGINI 

OMPANIES  know  they 
have  valuable  data  ly¬ 
ing  around  throughout 
their  networks  that 
needs  to  be  moved  from  one 
place  to  another  —  such  as 
from  one  business  application 
to  another  or  to  a  data  ware¬ 
house  for  analysis. 

The  only  problem  is  that  the 
data  lies  in  all  sorts  of  hetero¬ 
geneous  systems,  and  there¬ 
fore  in  all  sorts  of  formats.  For 
instance,  a  CRM  system  may 
define  a  customer  in  one  way, 
while  a  back-end  accounting 
system  may  define  the  same 
customer  differently. 

To  solve  the  problem,  com¬ 
panies  use  extract,  transform 
and  load  (ETL)  software, 
which  includes  reading  data 
from  its  source,  cleaning  it  up 
and  formatting  it  uniformly, 
and  then  writing  it  to  the  tar¬ 
get  repository  to  be  exploited. 

The  data  used  in  ETL  proc¬ 
esses  can  come  from  any 
source:  a  mainframe  applica¬ 
tion,  an  ERP  application,  a 
CRM  tool,  a  flat  file,  an  Excel 
spreadsheet  —  even  a  message 
queue. 

Pulling  the  Data 

Extraction  can  be  done  via 
Java  Database  Connectivity, 
Microsoft  Corp.’s  Open  Data¬ 
base  Connectivity  technology, 
proprietary  code  or  by  creat¬ 
ing  flat  files,  says  Mike  Schiff, 
an  analyst  at  Current  Analysis 
Inc.,  a  Sterling,  Va.-based  con¬ 
sultancy. 

After  extraction,  the  data  is 
transformed,  or  modi¬ 
fied,  depending  on  the 
specific  business  logic 
involved  so  that  it  can 
be  sent  to  the  target 
repository. 

There  are  a  variety 
of  ways  to  perform  the  trans¬ 
formation,  and  the  work  in¬ 
volved  varies.  The  data  may 
require  reformatting  only,  but 
most  ETL  operations  also  in¬ 
volve  cleansing  the  data  to  re¬ 
move  duplicates  and  enforce 
consistency.  Part  of  what  the 
software  does  is  examine  indi¬ 
vidual  data  fields  and  apply 
rules  to  consistently  convert 
the  contents  to  the  form  re¬ 
quired  by  the  target  repository 
or  application,  says  Schiff. 


For  example,  the  category 
“male”  might  be  represented 
in  three  different  systems  as 
M,  male  and  0/1.  The  ETL 
software  would  recognize  that 
these  entries  mean  the  same 
thing  and  convert  them  to  the 
target  format. 

In  addition,  the  ETL  process 
could  involve  standardizing 
name  and  address  fields,  veri¬ 
fying  telephone  numbers  or 
expanding  records  with  addi¬ 
tional  fields  containing  demo¬ 
graphic  information  or  data 
from  other  systems. 

Harriet  Fryman,  group  di¬ 
rector  of  product  mar¬ 
keting  at  data  ware¬ 
housing  vendor  Infor- 
matica  Corp.  in  Red¬ 
wood  City,  Calif.,  of¬ 
fers  an  example.  Say, 
for  instance,  that  a 
customer  runs  Oracle  finan¬ 
cials,  PeopleSoft  human  re¬ 
sources  software  and  SAP 
manufacturing  applications 
and  needs  to  access  the  data 
in  each  of  these  systems  to 
complete  an  order-to-cash 
process.  This  will  require  the 
company’s  ETL  software  to 
extract  data  from  the  originat¬ 
ing  systems,  which  isn’t  as 
easy  as  it  sounds  in  some  in¬ 
stances  —  for  example,  pulling 
data  from  the  SAP  manufac¬ 


turing  application  would  re¬ 
quire  the  generation  of  SAP 
proprietary  ABAP  code  to  ex¬ 
tract  the  shipping  and  open 
purchase-order  information. 

The  transformation  occurs 
when  the  data  from  each 
source  is  mapped,  cleansed 
and  reconciled  so  it  all  can  be 
tied  together,  with  receivables 
tied  to  invoices  and  so  on. 


After  reconciliation,  the  data 
is  transported  and  loaded  into 
the  data  warehouse  for  analy¬ 
sis  of  things  such  as  cycle 
times  and  total  outstanding 
receivables. 

Fryman  says  customers  are 
using  ETL  not  only  for  data 
warehousing  and  business  in¬ 
telligence  activities;  they’re 
also  moving  data  from  one  op¬ 
erational  system  to  another, 
such  as  from  an  ERP  system 
to  a  CRM  application. 

One  Truth 

“ETL  allows  teams  of  business 
users  to  operate  from  one  ver¬ 
sion  of  the  truth,”  says  Chet 
Phillips,  IT  director  for  busi¬ 
ness  intelligence  at  Motorola 
Inc.  in  Schaumburg,  Ill.  The 
company  uses  ETL  to  feed  its 
Informatica  data  warehouses. 

ETL  allowed  Motorola  to 
collect  information  from  30 
different  procurement  systems 
and  send  it  to  its  global  supply 
chain  management  data  ware¬ 
house  to  analyze  what  the 
company  was  spending  in  ag¬ 
gregate,  says  Phillips. 

In  the  past,  companies  that 
were  doing  data  warehousing 
projects  often  used  home¬ 
grown  code  to  support  ETL 
processes,  says  Schiff.  How¬ 
ever,  even  those  that  had  done 
successful  implementations 
found  that  the  source  data  file 


formats  and  the  validation 
rules  applying  to  the  data 
evolved,  requiring  the  ETL 
code  to  be  modified  and 
maintained.  And  companies 
encountered  problems  as 
they  added  systems  and  the 
amount  of  data  in  them  grew. 
Lack  of  scalability  has  been  a 
serious  issue  with  homegrown 
ETL  software. 

Providers  of  packaged  ETL 
systems  include  Microsoft, 
which  offers  data  transforma¬ 
tion  services  bundled  with  its 
SQL  Server  database.  Oracle 
has  embedded  some  ETL  ca¬ 
pabilities  in  its  database,  and 
IBM  offers  a  DB2  Information 
Integrator  component  for  its 
warehouse  offerings. 

There  are  also  third-party 
vendors  that  offer  bolt-on 
tools.  They  include  Informati¬ 
ca,  data  integration  vendor 
Ascential  Software  Corp.  in 
Westboro,  Mass.,  and  Hum¬ 
mingbird  Ltd.  in  Toronto.  The 
software  from  third-party  ven¬ 
dors  can  offer  integration 
among  a  wider  variety  of  het¬ 
erogeneous  applications  and 
data  structures,  says  Schiff. 
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Moving  and 
Improving  Data 


EXTRACT 

The  process  of  reading  data 
from  a  database. 


Packaged  applications 
(CRM,  ERP) 


TRANSFORM 

The  process  of  converting  the  ex¬ 
tracted  data  from  its  original  state 
into  the  form  it  needs  to  be  in  so 
it  can  be  placed  into  another  data¬ 
base.  Transformation  occurs  by  us¬ 
ing  rules  or  lookup  tables  or  by 
combining  the  data  with  other  data. 


LOAD 

The  process  of  writing  the  data 
into  the  target  database. 


Other  internal  applications 
(C++,  Java,  Visual  Basic) 


ETL  software  is  used  to  migrate  data  from  one  database  to  another  or  to  data  marts  and  data  warehouses. 
The  central  part  of  the  process,  the  “transform”  function,  cleanses  the  data,  eliminates  duplicates  and  refor¬ 
mats  the  data  for  the  target  repository. 
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Developer  Tool  Kit 
Raises  Backdoor  Alarms 


When  antivirus  software  points  to  malware 
in  production  applications,  the  source 
appears  to  be  the  tool  kit  used  to  create 
the  affected  code.  By  Vince  Tuesday 


ow  well  would  you 
do  in  a  negotiation 
with  a  foreign  vendor 
if  the  representative 
didn’t  speak  English  and  your 
translator  was  secretly  work¬ 
ing  for  a  competitor?  How 
would  you  ever  find  out?  And 
how  would  you  investigate, 
even  if  you  did  suspect  it?  We 
faced  this  terrible  problem 
recently,  but  in  our 
case,  the  translators 
were  programs,  not 
people. 

Our  software  trans¬ 
lates  stored  data  into 
the  business  informa¬ 
tion  that  we  use  to 
make  decisions  and  execute 
trades.  If  we  can’t  trust  that 
software,  then  we  can’t  trust 
what  it’s  telling  us  about  our 
data.  And  if  we  mistakenly 
trust  that  data,  we’ll  lose  a  lot 
of  money  very  quickly. 

We  have  to  place  a  lot  of 
trust  in  the  staff  that  writes 
our  applications.  We  also  do  a 
lot  of  code  testing,  but  that’s 
mostly  aimed  at  finding  er¬ 
rors,  not  deliberately  hidden 
malicious  code.  Such  embed¬ 
ded  code  might  be  leaking 
data  to  competitors  or  adjust¬ 
ing  financial  reports  so  that 
the  perpetrator  can  rip  us  off 
without  being  detected. 

Luckily,  we  have  sharp  audit 
teams,  we  force  our  develop¬ 
ment  teams  to  use  develop¬ 
ment  tool  kits,  and  we  conduct 
code  reviews  to  make  sure 
there  are  no  surprises  in  our 
code’s  quality. 

But  what  if  we  can’t  trust 
our  tool  kits?  What  if,  after  all 
the  manual  review  and  the 
checking  of  our  custom  code, 
the  tool  kit  goes  ahead  and  in¬ 
stalls  malicious  code  in  our 


applications?  That  was  the 
question  I  faced  when  our 
antivirus  software  started 
shouting  about  us  having  a 
“backdoor”  program  on  key 
production  servers. 

Specifically,  the  virus  check¬ 
er  found  a  Dynamic  Link  Li¬ 
brary  (DLL)  file  on  most  of 
our  servers  that  contained  the 
signature  of  a  relatively  new 
backdoor  tool. 

Could  some  de¬ 
velopment  staffer 
have  sneaked  a  back 
door  into  our  code? 
We  immediately 
shipped  copies  of 
our  code  to  antivirus 
vendors  for  analysis.  Perhaps 
this  was  a  false  alarm.  Or  per¬ 
haps  some  code  combination 
was  setting  off  the  antivirus 
alert  without  actually  being 
malicious. 

But  our  hopes  were  dashed 
when  the  vendors  confirmed 
that  the  code  was  a  match. 

The  code  itself  consists  of  a 
series  of  hooks  that  an  attack¬ 
er  could  use  to  hide  files  from 
the  operating  system  or  to  col¬ 
lect  passwords  by  intercepting 
the  calls  that  legitimately  ask 
for  them  from  users. 

At  first,  the  finger  of  suspi¬ 
cion  pointed  squarely  at  the 


Could  some 
development  staffer 
have  sneaked  a 
back  door  into 
our  code? 


development  group.  Using  the 
new  antivirus  signatures,  we 
began  sweeping  across  pro¬ 
grammers’  desktops.  The  in¬ 
fected  files  were  everywhere 
—  even  on  the  release  CDs 
from  our  tool  kit  provider.  Oh. 

If  the  backdoor  files  were 
on  the  CD,  then  our  staff  was 
not  the  cause  of  the  problem. 
By  using  the  tool  kit,  our  pro¬ 
grammers  had  inadvertently 
created  infected  files  with 
each  new  application. 

But  my  relief  that  our  own 
staff  wasn’t  to  blame  gave  way 
to  a  couple  of  more  horrible 
thoughts:  Had  an  attacker  fig¬ 
ured  out  a  way  around  the  de¬ 
fenses  of  not  just  my  company 
but  every  other  financial  ser¬ 
vices  company  that  uses  this 
tool  kit?  Indeed,  why  target  a 
well-protected  financial  ser¬ 
vices  company  when  you  can 
attack  a  tool  kit  distribution 
they  all  use? 

The  New  Dilemma 

After  some  frantic  calls  to  the 
tool  kit  vendor,  we  tracked 
down  the  senior  technical 
staffers.  The  code  in  question 
wasn’t  a  back  door,  they  ex¬ 
plained,  but  a  series  of  tools 
used  for  debugging  so  that  ap¬ 
plication  events  could  be 
caught  and  modified  to  let 
testing  happen  without  chang¬ 
ing  the  operating  system. 

This  sounded  reasonable. 
But  why  did  the  antivirus  ven¬ 
dors  claim  it  was  a  threat  if 
this  code  was  used  only  for 
harmless  testing?  A  more  ju¬ 
nior  technical  chap  replied  in 
a  blase  manner  that  he  was 
friendly  with  a  hacker  group 
and  that  they  had  used  the 
same  tool  kit  we  had  bought. 
But  instead  of  hooking  into 
the  calls  to  debug  and  test 
code,  they  had  produced  a  fa¬ 
mous  backdoor  program. 

I  was  at  a  loss.  Should  I  trust 
the  vendor’s  assurances  that 
the  tool  kit  wasn’t  malicious, 


even  though  the  code  was  pro¬ 
duced  by  a  staffer  who  ex¬ 
changed  tools  with  a  black-hat 
hacker  group?  How  could  we 
be  sure  that  the  hackers 
wouldn’t  target  the  vendor  of 
the  tool  kit  to  get  into  the  le¬ 
gitimate  companies  that  had 
bought  it? 

On  the  other  hand,  we  had 
no  evidence  that  anything  ma¬ 
licious  had  happened  —  but 
how  would  we  know  until  we 
lost  a  lot  of  money? 

Tough  Choices 

I’m  still  trying  to  decide  what 
to  do.  We  might  consider  get¬ 
ting  our  staff  or  an  indepen¬ 
dent  group  to  review  the  tool 
kit  source  code,  in  the  unlikely 
event  that  the  vendor  would 
agree  to  this.  But  that  would 
be  very  expensive,  and  with 
every  new  release,  we’d  have 
to  check  it  all  again. 

Even  then,  how  would  we 
know  that  the  compiled  DLLs 
and  executable  files  that  we 
received  were  produced  from 
the  source  code  that  was 
checked? 

If  we  don’t  do  something, 
then  the  very  tool  kits  we  re¬ 
quire  our  programmers  to  use 
to  reduce  security  risks  might 
provide  a  hacker  with  a  direct 
route  into  the  core  of  our  com¬ 
pany.  For  now,  we’re  just  run¬ 
ning  antivirus  scans  on  all  our 
software. 

This  issue  has  opened  my 
eyes  to  the  level  of  trust  I  can 
extend  to  a  vendor.  What 
would  you  do  if  you  were  in 
my  situation?  I  welcome  your 
suggestions.  I 

WHAT  DO  YOU  Ik? 

This  week's  journal  is  written  by  a  real 
security  manager,  "Vince  Tuesday,”  whose 
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tuesday@hushmail.com,  or  join  the  dis¬ 
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Security  Bookshelf 

Exploiting  Software:  How  to 
Break  Code,  by 
Greg  Hoglund  and 
Gary  McGraw; 
Addison-Wesley, 

2004. 

This  book  has  a 
black  hat  on  the 
cover,  and  for 
good  reason:  It 
teaches  readers  how  to  exploit 
software  and  attack  systems. 

While  it’s  great  if  you  want 
to  delve  into  the  mind-set  and 
tool  kit  of  the  black  hats,  the 
authors  touch  only  lightly  on 
defensive  measures.  For  ex¬ 
ample,  they  repeatedly  advise 
against  relying  on  blacklists  to 
stop  bad  inputs  because  they 
prefer  whitelists.  That  may  be 
good  advice,  but  the  authors 
give  no  details  on  how  to  im¬ 
plement  the  strategy. 

Exploiting  Software,  clearly 
written  by  experts,  is  perfect 
for  development  teams  that 
need  to  understand  the  scale 
of  the  shared  experience  ready 
to  be  leveled  against  their 
software.  As  a  security  man¬ 
ager,  however.  I’m  not  reas¬ 
sured  about  the  state  of  my 
company’s  current  defenses 
or  software  infrastructure, 
since  Hoglund  and  McGraw 
have  shown  how  to  bypass 
even  the  most  carefully  de¬ 
signed  security  controls. 

-  Vince  Tuesday 

Intrusion  Detection 
For  Voice  Nets 

CailKnowing  LLC  in  Sacra¬ 
mento  has  announced  an  in¬ 
trusion-detection  service  that 
monitors  both  private  branch 
exchange  and  voice-over-IP 
telephony  systems  and  reports 
problems.  The  service  moni¬ 
tors  the  PBX  configuration  for 
changes,  scans  IP-connected 
devices  for  possible  vulnera¬ 
bilities  and  monitors  activity 
on  TCP  and  UDPports.lt  also 
monitors  and  logs  events  such 
as  unauthorized  changes  to 
stations,  failed  access  at¬ 
tempts,  excessive  outcalling 
from  voice  mail  and  unusual 
trunk  activity.  Reports  and 
alerts  are  delivered  via  e-mail 
and  are  available  on  the  Web. 
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CA  Upgrades 
Backup  Software 

Computer  Associates  Internation¬ 
al  Inc.  last  week  announced  that 
it’s  shipping  BrightStor  ARCserve 
Backup  Release  11  for  Windows, 
which  allows  companies  to  copy 
data  on  Microsoft-based  clients 
and  servers.  New  features  include 
the  ability  to  support  multiple 
backup  jobs  to  the  same  tape  me¬ 
dia  simultaneously,  according  to 
Islandia,  N.Y.-based  CA.  Pricing 
starts  at  $775. 


NAI  Unveils  Net 
Management  Tools 

Network  Associates  Inc.  in  Santa 
Clara,  Calif.,  has  added  two  prod¬ 
ucts  to  its  Sniffer  product  line: 
the  InfiniStream  Network  Man¬ 
agement  system  and  the  10GbE 
Analyzer. 

InfiniStream  Network  Manage¬ 
ment  comes  in  two  models.  The 
i1610  is  a  4U  rack-mounted  appli¬ 
ance  with  3.2TB  of  storage  ca¬ 
pacity  and  two  ports  offering 
Gigabit  connections.  The  i410  is 
a  2U  rack-mounted  appliance 
with  800GB  of  storage  and  four 
ports  of  10/100  Ethernet  capabili¬ 
ty.  (A  1U  server  is  1.75  in.  high.) 
The  i1610  is  priced  at  $75,000, 
and  the  i410  costs  $35,000. 

The  10GbE  Analyzer  is  a  10 
Gigabit  Ethernet  network  moni¬ 
toring  and  analysis  appliance 
priced  at  $150,000. 


Suite  Adds  IM  to 
Videoconferences 

Tandberg  last  week  announced 
an  upgrade  to  its  management 
software  that  brings  instant  mes¬ 
saging  capability  to  videoconfer¬ 
encing.  The  New  York-based  ven¬ 
dor’s  Tandberg  Management 
Suite  8.0  will  support  Tandberg 
Instant  Messenger  software, 
which  works  with  MSN  Messen¬ 
ger  to  detect  the  presence  of  IM 
users  and  indicate  whether  video- 
conferencing  hardware  and  soft¬ 
ware  are  available  for  a  videocon¬ 
ferencing  session.  Tandberg  In¬ 
stant  Messenger  costs  $5,000 
for  50  concurrent  users;  TMS  8.0 
costs  $3,750  for  25  systems. 


PAUL  A.  STRASSMANN 


Most  Outsourcing 
Is  Still  for  Losers 


The  most  frequent  reason  compa¬ 
nies  turn  to  outsourcing  is  the  need  to  in¬ 
crease  profits.  Replacing  premium-priced 
labor  with  workers  earning  less  has  led  to 
lower  costs  for  products  and  services. 
That  in  turn  has  led  to  an  increase  in  the  purchases  — 
that  is  outsourcing  —  of  materials,  components,  parts 
and  services  by  the  companies.  The  value  of  outsourc¬ 


ed  goods  and  services  for 
U.S.  companies  now  aver¬ 
ages  65%  of  the  value  of 
their  sales.  This  kind  of  cal¬ 
culation  is  in  the  spotlight 
because  this  phenomenon 
has  become  the  central 
concern  of  what’s  called 
the  “globalization”  of  com¬ 
merce.  Accordingly,  firms 
with  a  higher  ratio  of  out¬ 
sourcing  purchases  to  sales 
would  tend  to  be  more 
profitable  since  they  would 
be  substituting  lower-cost 
goods  and  services  from 
global  sources  for  higher-priced  U.S.- 
produced  equivalents. 

A  theory  that  suggests  that  out¬ 
sourcing  improves  profitability  would 
contradict  observations  I  made  in 
Computerworld  in  1995  [see  “Out¬ 
sourcing:  A  Game  for  Losers,”  Quick- 
Link  a3980].  At  that  time,  I  collected 
data  on  13  of  the  largest  IT  outsourc¬ 
ing  contracts.  I  showed  that  compa¬ 
nies  that  were  contracting  out  a  major 
share  of  their  IT  spending  could  be 
characterized  as  losers.  Their  profits 
were  declining  while  they  were  cut¬ 
ting  significant  numbers  of  employees. 

To  re-examine  the  economics  of  out¬ 
sourcing,  I  collected  2002  payroll  data 
on  a  diverse  and  random  sample  of  324 
companies  listed  in  Standard  &  Poor’s 
financial  reports.  After  adding  taxes, 
profits  and  depreciation,  I  calculated 
each  company’s  value-added.  The  dif¬ 
ference  between  sales  and  the  value- 
added  yielded  the  worth  of  outsourced 


purchases  because  sales 
minus  value-added  equals 
the  amount  that  has  been 
outsourced  to  suppliers. 

The  results  were  sur¬ 
prising.  One  hundred  and 
seven  companies  reported 
a  negative  return  on  share¬ 
holder  equity,  which  would 
mark  them  as  losers.  But 
217  reported  a  positive  re¬ 
turn  on  shareholder  equity, 
which  would  earn  them 
the  winner’s  label.  There 
were,  however,  statistically 
significant  differences  be¬ 
tween  the  losers  and  the  winners. 

The  losers’  average  outsourcing-to- 
sales  ratio  was  25%  greater  than  the 
winners’.  Eighty-six  percent  of  the 
losers  were  outsourcing  more  than 
half  of  their  costs.  The  returns  on 
shareholder  equity  for  the  winners 
were  clustered  around  low  outsourc¬ 
ing  ratios;  the  large  losers  showed  high 
outsourcing  ratios. 

To  verify  these  insights,  I  ran  an 
analysis  of  466  U.S.  banks.  For  this  ho¬ 
mogeneous  sample,  the  negative  rela¬ 
tionship  between  outsourcing  and 
profitability  was  statistically  even 
more  significant.  What  do  these  find¬ 
ing  tell  us? 

1.  My  1995  assertion  that  “outsourcing  is  a 
game  for  losers”  still  stood  up  in  2002,  even 
though  in  this  case  I  don’t  propose  to 
connect  the  outsourcing  of  IT  with 
negative  profitability.  The  current 
findings  offer  a  managerial  perspec¬ 
tive  on  the  economics  of  outsourcing. 


PAUL  A.  STRASSMANN 
(paul@strassmann.com)  was 
involved  in  one  of  the 
largest  IT  outsourcing 
contracts  ever  made  and 
witnessed  how  everyone 
ended  up  a  loser. 


2.  My  calculations  indicate  that  only  26% 
of  the  low  profitability  results  are  attributable 
to  outsourcing.  Companies  already  fail¬ 
ing  for  other  reasons  will  tend  to  out¬ 
source  increasing  amounts  of  work, 
thus  diminishing  their  value-added. 

3.  My  findings  don’t  support  the  frequent 
predictions  that  U.S.  firms  will  tend  to  out¬ 
source  in  order  to  increase  profits  and  thus 
eventually  leave  us  with  a  “hollow”  economy. 

What,  then,  is  the  significance  of 
these  findings  for  IT  management? 

First,  the  decision  to  outsource  IT 
shouldn’t  be  taken  in  isolation  and 
without  full  exploration  of  the  poten¬ 
tial  effects  on  the  overall  financial  per¬ 
formance  of  a  company.  Sure,  one  can 
always  show  savings  by  passing  IT 
tasks  to  someone  who  can  do  it  cheap¬ 
er.  But  IT  accounts  for  only  a  small 
share  of  the  total  costs  that  a  company 
incurs.  The  damage  from  mismanaged 
outsourcing  will  always  exceed  the  po¬ 
tential  benefits  from  anticipated  IT 
cost  reductions. 

Second,  any  company  bidding  on  an 
outsourcing  contract  should  ascertain 
whether  the  potential  client  is  a  loser 
or  a  winner.  There  are  many  cases  that 
demonstrate  why  delivering  services 
to  losers  with  already  damaged  sys¬ 
tems  is  risky.  Whenever  IT  work  is 
outsourced,  even  under  an  ironclad 
contract,  there  is  the  likelihood  that 
the  losers’  damaged  operations  sys¬ 
tems  can’t  be  fixed  by  handing  over 
custody  for  critical  applications  to  a 
contractor.  Both  the  winner  of  such  an 
outsourcing  contract  and  the  company 
doing  the  outsourcing  will  end  up 
worse  off  and  in  hard-to-reconcile 
finger-pointing.  ©  44320 

MORE  ONLINE 

To  see  a  chart  of  how  Strassmann's  winners  and  losers 
fall,  visit  our  Web  site: 

OQuickLink  a4010 
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Dual  Curses 

Two  scourges  —  viruses  and 
spam  —  are  the  most  vexing 
e-mail  issues  facing  CIOs,  ac¬ 
cording  to  an  exclusive  survey. 
Regulatory  compliance  isn’t 
far  behind.  Page  29 
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A  Tough  Sell 

Who’s  Driving  IT  Alignment? 

Multimillion-dollar  medical 

Who  should  be  in  charge 

imaging  systems  are  hard  to 

of  business/IT  alignment? 

sell  to  cash-strapped  hospitals, 

It’s  the  CEO,  not  the  CIO, 

but  some  users  say  they’ve 

argues  Gopal  Kapur. 

seen  definite  benefits.  Page  30 
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Pop-culture  experts  say 
the  nostalgia  cycle  is  grow¬ 
ing  shorter  and  shorter  — 
that  someday  we  may  all 
yearn  for  those  lazy,  hazy, 
carefree  days  of  six  weeks 
ago.  So  it  doesn’t  seem  out  of  line  to 
look  back  with  amusement  at  2000. 
Back  then,  James  Glassman  and  Kevin 
Hassett’s  Dow  36,000:  The  New  Strate¬ 
gy  for  Profiting  from  the  Coming  Rise  in 
the  Stock  Market  (Three  Rivers  Press, 
2000)  was  selling  briskly,  and  experts 
were  predicting  that  enterprises  were 
set  to  junk  a  hundred  years’  worth  of 
purchasing  practices  and  instead  buy 
everything  —  from  manila  envelopes 
to  sheet  steel  —  through  online  ex¬ 
changes,  or  e-marketplaces. 

Seems  almost  quaint,  doesn’t  it? 

The  idea,  you’ll  recall,  was  to  conjure 
the  Internet’s  power  to  form  a  more  effi¬ 
cient  marketplace.  Suppliers  would  be 
forced  to  cut  prices  (because  if  they 
wouldn’t,  a  competitor  surely  would), 
but  the  best  would  benefit  from  massive 
volumes.  Buyers  would  have  a  world  of 
choice  a  mouse  click  away,  all  at  rock- 
bottom  prices.  Everybody  would  win. 
All  this  was  scheduled  to 
occur  soon,  just  about 
the  time 


Why  did  some  online 
exchanges  survive  while 
many  others  failed?  It  helped 
to  have  members  with  deep 
pockets.  By  Steve  Ulfelder 


the  Dow  would  be  closing  on  36,000. 

According  to  Keenan  Vision  Inc.,  a 
Berkeley,  Calif. -based  analyst  firm, 
more  than  200  exchanges  and  ex- 
change-related  products  were  rolled 
out  each  month  from  November  1999  to 
April  2000.  Small  wonder,  then,  that 
Keenan  once  predicted  that  there 
would  be  4,070  exchanges  in  the  U.S. 
by  this  year.  Today,  analysts  and  ex¬ 
change  CEOs  say  they  believe  that 
fewer  than  200  e-marketplaces  survive 
—  though  It’s  hard  to  nail  down  a  pre¬ 
cise  number. 

Carl  F.  Lehmann,  an  analyst  at  Meta 
Group  Inc.,  says,  “If  you’re  trying  to 
exploit  economies  of  scale,  you  don’t 
need  to  set  up  [online]  markets;  you 
need  to  analyze  markets.  All  you  have 
to  do  is  put  three  good  MBAs  on  the 
problem.  But  we  learned  that  too  late.” 

Most  exchanges  were  bubble-driven 
businesses  that  quietly  folded  when 
the  venture  funding  dried  up.  But  some 
vertical  e-marketplaces  were  founded 
by  industry  consortia  whose  members 
boast  deep  pockets.  Many  of  them 
have  flailed  about  for  tenable  business 
models  and  managers,  but  along  the 
way  they’ve  learned  how  to  deliver  val¬ 
ue  to  their  members/customers.  By 
signing  on  with  Elemica  Inc.,  an  online 
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The  Survivors 

A  sampling  of  extant  industry  exchanges: 


EXCHANGE 

INDUSTRY 

HEADQUARTERS 

URL 

Covisint  LLC 

Automotive 

Southfield,  Mich. 

covisint.com 

Elemica  Inc. 

Chemical 

Wayne,  Pa. 

elemica.com 

Exostar  LLC 

Defense/aerospace 

Herndon,  Va. 

exostar.com 

E20pen  Inc. 

Technology 

Redwood  City,  Calif. 

e2open.com 

Global  Healthcare 
Exchange  LLC 

Health  care 

Westminster,  Colo. 

ghx.com 

Pantellos  Group  LP 

Utility/energy 

Houston 

pantellos.com 

Trade-Ranger  Inc. 

Energy/chemical 

Houston 

trade-ranger.com 

Transora  Inc. 

Consumer  goods 

Chicago 

transora.com 

UCCnet  Inc. 

Consumer  goods/retail 

Lawrenceville,  N.J. 

uccnet.com 

WorldWide  Retail 
Exchange  LLC 

Retail 

Alexandria,  Va. 

wwre.com 

exchange  for  the  chemical  industry, 
The  Dow  Chemical  Co.  “saved  thou¬ 
sands  of  hours,”  says  Dow  CIO  Dave 
Kepler,  “and  we  think  we  can  [eventu¬ 
ally]  reduce  inventories  up  to  50%.” 

Less  Tech,  More  Value 

While  the  exchange  boom  was  by  its 
very  nature  technology-driven,  the 
surviving  companies  universally  agree 
that  their  focus  has  shifted.  “We’ve 
transitioned  from  a  tech  company  in 
Houston  to  a  company  with  people  on 
the  ground  working  with  [member 
companies’]  procurement  people,”  says 
John  Wilson,  CEO  of  Trade-Ranger 
Inc.,  an  exchange  that  serves  the  ener¬ 
gy  industry.  “Three  years  ago,  the  tech 
was  our  raison  d’etre.  No  longer.  We’ve 
gone  from  being  IT  experts  to  being 
purchasing  experts.” 

Like  their  fallen  brethren,  the  surviv¬ 
ing  exchanges  once  had  ambitious,  IT- 
driven  plans  —  overly  ambitious,  as  it 
turned  out.  For  many  reasons,  compa¬ 
nies  were  reluctant  to  alter  purchasing 
practices.  To  succeed,  exchanges  had 
to  adjust.  “In  2000,  we  thought  we’d 
move  faster.  We  thought  we’d  bring 
people  right  to  the  Net  and  XML,”  says 
Kevin  Ruffe,  chief  operating  officer  at 
Global  Healthcare  Exchange  LLC.  “But 
soon  we  realized  we  were  pushing  a 
rock  uphill.  Health  care  [IT]  systems 
aren’t  the  most  up  to  date. . . .  People 
had  EDI  and  didn’t  want  to  change 
that.  We  had  to  back  off  our  aspirations 
of  making  major  changes  quickly.” 

Trade-Ranger  was  “conceived  as  a 
technology  play,  but  no  one  knew  how 
to  make  the  value  real,”  Wilson  says. 
“The  first  idea  was  to  connect  the 
world  virtually  from  behind  a  firewall 
in  Houston.  It  didn’t  work.  We  then 
spent  a  few  hundred  million  and  went 
through  many  CEOs.”  Trade-Ranger 
survived  its  murky  times  because  its 
founding  companies  were  patient  and 
had  a  five-  to  seven-year  plan. 

It’s  still  not  clear  whether  even  the 


survivors  will  ever  be  truly  successful. 
Analysts  say  privately  that  many  com¬ 
panies  that  helped  found  exchanges 
have  little  hope  that  their  investments 
will  ever  pay  off,  and  they  would  bail 
out  if  they  could  do  so  gracefully. 

The  strongest  exchanges  appear  to 
be  those  that  downplayed  technology 
from  the  outset.  Pantellos  Group  LP,  an 
e-marketplace  for  large  utilities,  is 
mentioned  by  Gartner  Inc.  analyst  An¬ 
drew  White  as  one  of  the  standouts. 
According  to  Pantellos  CEO  Jim 
Neikirk,  the  key  is  that  “from  the  be¬ 
ginning,  we  knew  it  was  about  value- 
add,  not  just  technology.  Our  clients 
have  had  some  [fiscal]  struggles,  so  we 
recognized  that  cost  management  is 
really  important  to  them.” 

Early  failures  —  or,  at  best,  unim¬ 
pressive  savings  for  customers  — 
prompted  exchanges  to  ask  how  they 
could  deliver  value,  and  the  result, 
Meta’s  Lehmann  says,  is  that  “they’re 
morphing  into  supply  chain  business- 
process  outsourcing  companies.”  In¬ 


deed,  when  exchange  executives  dis¬ 
cuss  their  offerings,  they  could  easily 
be  confused  with  systems  integrators 
or  software  vendors. 

“We  wanted  to  get  buyers’  ERP  talk¬ 
ing  to  sellers’  ERP,”  says  Elemica  CEO 
Kent  Dolby.  Elemica’s  star  offering  is  a 
software  hub  that  allows  the  many  in¬ 
dustry-specific  XML  variants  to  com¬ 
municate  with  each  other.  “Some  larg¬ 
er  companies  want  to  be  very  integrat¬ 
ed  [with  supply  chain  partners]  and 
have  a  SAP  or  Oracle  or  Baan  system,” 
Dolby  says.  “Others  may  be  simple 
buyers  working  off  Excel  spreadsheets. 
We  need  to  talk  with  all  of  them.” 

Real  Savings? 

The  big  question  is  whether  exchanges 
can  help  companies  save  money  —  and 
how  much. 

Nick  Parnaby,  global  director  of 
member  development  at  the  World- 
Wide  Retail  Exchange  LLC  in  Alexan¬ 
dria,  Va.,  says  that  since  the  exchange’s 
founding  in  2000,  “members  have 


saved  $1.1  billion  to  $1.2  billion,”  with 
returns  on  their  investments  at  700% 
to  1,000%.  Retailers  save  on  mainte¬ 
nance,  repair  and  operating  equipment 
(known  as  MRO,  essentially  all  the 
supplies  that  don’t  go  into  the  product) 
and  private-label  goods.  Parnaby  says 
the  typical  member  saves  13%,  but  that 
number  rises  to  20%  if  member  com¬ 
panies  “pool  their  spend”  with  one  an¬ 
other  to  improve  economies  of  scale. 

Exchanges  also  point  to  other  corpo¬ 
rate  benefits.  According  to  Wilson,  one 
Trade-Ranger  member  has  cut  head 
count  in  its  accounts-payable  depart¬ 
ment  from  99  people  last  year  to  40. 

Craig  Weida,  vice  president  of  sup¬ 
ply  chain  and  administrative  services  at 
Cinergy  Corp.,  a  Pantellos  customer, 
says  Cinergy  has  seen  a  500%  return 
on  its  investment  in  the  exchange.  The 
company  now  routes  50%  of  its  pur¬ 
chase  orders  through  Pantellos  and  has 
seen  a  dramatic  drop  in  error  rates,  he 
adds.  Pantellos  says  its  members  have 
saved  an  aggregate  $315  million  since 
the  exchange’s  founding  in  2000. 

Elaine  Callas,  CIO  at  Englewood, 
Colo.-based  hospital  chain  Centura 
Health,  says  that  signing  on  with  the 
Global  Healthcare  Exchange  was  a  ma¬ 
jor  component  of  a  plan  that  let  Centu¬ 
ra  cut  the  number  of  steps  in  its  pur¬ 
chasing  process  by  more  than  half.  Cal¬ 
las  was  been  sufficiently  impressed  to 
increase  the  chain’s  use  of  the  ex¬ 
change  nearly  350%  from  2002  to  2003. 

Such  impressive  returns  help  explain 
why  Gartner,  Meta  and  other  analyst 
firms  predict  an  exchange  renaissance 
over  the  next  several  years.  If  your 
company  isn’t  part  of  an  industry  mar¬ 
ketplace  yet,  congratulations  —  you 
may  be  poised  to  reap  the  benefits 
without  having  to  remove  arrows  from 
your  back.  ©  44038 


Ulfelder  is  a  Computerworld  contribut¬ 
ing  writer  in  Southboro,  Mass.  Contact 
him  at  sulfelder@charter.net. 
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Deep  Pockets  Prevail 


The  vast  majority  of  today’s  exchanges  owe 
their  survival  in  large  measure  to  the  simple 
phenomenon  of  deep  pockets:  They  were 
formed  by  massive  companies  that  kicked  in 
millions  apiece  back  in  the  heady  late  1990s. 
The  Worldwide  Retail  Exchange,  for  example, 
was  founded  by  17  retailers  from  the  U.S.,  Asia 
and  Europe,  each  of  which  kicked  in  $10  mil¬ 
lion,  according  to  Nick  Parnaby,  the  exchange's 
global  director  of  member  development. 


The  WorldWide  Retail  Exchange  then  re¬ 
cruited  another  45  members  that  contributed 
lesser  sums,  Parnaby  adds.  All  told,  the  ex¬ 
change  raised  $200  million  within  a  year. 

Most  exchanges  are  less  forthcoming  about 
the  amount  of  their  funding,  but  the  might  of 
their  founders  offers  clues.  Elemica,  for  exam¬ 
ple,  was  formed  in  2000  by  such  chemical- 
industry  titans  as  Du  Pont  Co.,  Dow  Chemical, 
BASF  Corp.  and  Mitsubishi  Chemical  Corp. 


Pantellos  was  established  (also  in  2000)  by 
the  nation's  20  largest  electric  utilities,  includ¬ 
ing  Consolidated  Edison  Inc.,  Duke  Power  Co., 
Entergy  Corp.  and  Pacific  Gas  &  Electric  Co. 

The  list  goes  on,  and  the  point  is  clear:  One 
way  for  an  exchange  to  survive  is  to  depend  on 
the  kindness  of  its  founders.  Pantellos  is  a  rare 
bird  in  that  it  is  “both  earnings-  and  cash-posi¬ 
tive,"  says  CEO  Jim  Neikirk. 

Analysts  say  most  exchanges  are  under 
pressure  from  their  members  to  stop  being 
cost  centers.  “We  understand  that  [exchange] 
members  are  starting  to  call  up  and  say. 


‘Where’s  the  value?’  ”  says  Meta  Group  analyst 
Carl  F.  Lehmann.  “Many  businesses  question 
whether  the  e-marketplaces  can  do  the  [re¬ 
quired]  tasks  and  do  them  cheaper.  Their  value 
is  very  much  in  question.” 

The  exchanges  are  very  much  aware  of  this, 
and  they’re  determined  to  make  the  transition. 
Trade-Ranger  CEO  John  Wilson  says,  “In 
2004,  our  business  model  will  change.  We  will 
be  paid  for  the  value  we  deliver,  not  [treated] 
as  a  subsidy.  All  of  our  customers  would  prefer 
not  to  be  on  an  equity  ownership  basis." 

-  Steve  Ulfelder 
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Controlling  the  virus  and  spam  epidemics 
is  the  top  e-mail  concern  of  CIOs,  a  Ferris 

Research/Com puterworld  survey  finds. 

By  Jeff  Ubois  and  Mitch  Betts 


SLAMMER.  Bugbear.B.  Blaster. 

Sobig.F.  2003  was  the  worst 
year  for  vims  outbreaks  in 
the  20-year  history  of  com¬ 
puter  viruses,  declares  a  report  by 
F-Secure  Corp.  in  San  Jose.  It  was  a 
growth  year  for  spam,  too,  and  by  De¬ 
cember,  62.7%  of  all  global  e-mail  was 
spam,  say  researchers  at  U.K.-based 
MessageLabs  Inc. 

So  it’s  not  surprising  that  CIOs  re¬ 
port  that  viruses  and  spam  are  their 
biggest  concerns  regarding  e-mail,  ac¬ 
cording  to  a  survey  by  messaging  con¬ 
sultancy  Ferris  Research  Inc.  and  Com- 
puterworld.  On  a  scale  of  1  to  4,  with  4 
being  “one  of  my  biggest  headaches,” 
viruses  and  spam  tied  with  an  average 
rating  of  3.2,  leading  the  list  of  messag¬ 
ing  issues  in  the  survey  (see  chart). 

“Viruses  and  spam?  That  sounds 
right  to  me,”  says  Robert  W.  Reeg,  se¬ 
nior  vice  president  of  systems  develop¬ 
ment  at  MasterCard  International  Inc. 
in  O’Fallon,  Mo.,  commenting  on  the 
survey  results.  “We’ve  certainly  fo¬ 
cused  on  those  areas.” 

The  Web-based  survey  had  60  valid 
responses  from  CIOs  and  other  IT 
managers  at  the  vice  president  level  or 
higher,  so  it  reflects  the  thinking  of  se¬ 
nior  executives,  not  midlevel  messag¬ 
ing  managers.  Instant  messaging,  for 
example,  ranked  as  a  low  concern  for 
these  CIOs,  but  would  probably  have 
been  a  more  significant  concern  for 
messaging  managers. 

Anecdotally,  IT  managers  are  wor¬ 
ried  that  virus  writers  are  getting 
faster  at  exploiting  flaws,  which  raises 
the  specter  of  zero-day  attacks  [Quick- 
Link  43503].  Last  summer’s  Blaster 
worm,  one  of  the  most  virulent  and 
widespread  ever,  hit  the  Internet  bare¬ 


ly  a  month  after  Microsoft  Corp.  re¬ 
leased  a  patch  for  the  software  flaw  it 
exploited.  A  variant  called  Nachi,  car¬ 
rying  a  dangerous  payload,  hit  users 
less  than  a  week  later. 

Spam  ranked  as  a  top  concern  across 
all  organizations,  regardless  of  their 
size,  industry  sector  or  mail  system. 
The  problem  affects  not  only  end-user 
productivity,  but  also  adds  administra¬ 
tive  chores  for  the  IT  organization. 

A  study  by  Nucleus  Research  Inc.  in 


Wellesley,  Mass.,  found  that  IT  admin¬ 
istrators  spend  an  average  of  4.5  hours 
per  week  managing  spam-related  prob¬ 
lems  [QuickLink  41896].  Plus,  CIOs 
may  feel  under  pressure  to  “fix”  the 
spam  problem,  which  is  a  major  irritant 
and  embarrassment  in  the  workplace. 

The  next  biggest  e-mail  concern  for 
CIOs  is  regulatory  compliance,  which 
involves  two  issues:  encrypting  e-mail 
to  ensure  privacy  and  archiving  mes¬ 
sages  to  ensure  good  record-keeping. 
As  might  be  expected,  these  issues 
were  especially  important  to  health 
care  providers  and  financial  services 
firms,  which  face  the  most  regulatory 
scrutiny  under  new  laws  such  as  the 
Health  Insurance  Portability  and  Ac¬ 
countability  Act  and  the  Sarbanes- 
Oxley  Act.  Surprisingly,  managers  in 
health  care  report  greater  concern 
about  archiving  than  their  counter¬ 
parts  in  financial  services  do. 

Another  unexpected  result  is  that 
CIOs  are  increasingly  concerned  about 
coping  with  denial-of-service  attacks, 
giving  that  a  rating  of  2.5.  Elsewhere  in 
the  survey  CIOs  seem  unconcerned 
about  e-mail  downtime,  but  apparently 
they  worry  about  hacker  attacks  that 
could  disable  e-mail  service  for  ex¬ 
tended  periods. 

Microsoft  Office  pricing  and  soft¬ 
ware  licensing  issues  are  of  high  to 
moderate  importance  to  most  respon- 


Top  Five 

Vims  control 


Bottom  Five 

Instant  messaging  from  wireless  devices 

Too  much  downtime 

11.7 


Migrating  between  e-mail  packages 

11.7 


Moving  messaging  servers  to  Linux 

11.5 


Using  the  mainframe  as  a  messaging  server 

11.3 


Base:  Ferris  Research/  Computerworld  survey  of  60  CIOs 
or  vice  presidents  of  IT. 


How  We  Did  It 

Conducted  in  November  and  December  of 
2003,  the  survey  asked  about  the  e-mail  con¬ 
cerns  of  CIOs  and  IT  executives  at  the  vice  presi¬ 
dent  level  or  above.  Computerworld  e-mailed 
subscribers  asking  them  to  fill  out  an  online 
survey.  The  replies  were  winnowed  to  60  valid 
responses,  representing  240,000  mailboxes, 
nearly  all  of  them  intheU.S. 

Respondents  were  asked  to  rate  their  level 
of  concern  about  26  messaging  issues  using  a 
four-point  scale  ranging  from  1  ("not  an  issue  I 
think  about”),  2  ("a  minor  concern”),  3  (“a  ma¬ 
jor  concern”),  up  to  4  (“one  of  my  biggest 
headaches”). 

Respondents  came  from  a  variety  of  indus¬ 
tries;  the  most  heavily  represented  were  finan¬ 
cial  services,  education,  health  care  and  manu¬ 
facturing.  Just  over  half  of  the  respondents  run 
Exchange  as  their  main  e-mail  system.  About 
15%  use  Notes  as  their  main  e-mail  system, 
and  about  15%  use  GroupWise  as  their  main 
e-mail  system.  About  75%  of  the  responding 
organizations  have  more  than  250  employees. 
■  Computerworld  research  manager 
Mari  Keefe  assisted  with  this  survey. 


dents.  These  issues  cut  across  all  types 
of  mail  systems;  in  fact,  Lotus  Notes 
users  are  more  concerned  about  Office 
pricing  than  Exchange  users  are. 

No  Worries,  Mate 

Almost  as  interesting  as  the  CIOs’ 
biggest  e-mail  concerns  are  the  issues 
about  which  they  show  the  least  con¬ 
cern:  e-mail  migrations,  Linux  and  us¬ 
ing  mainframes  as  e-mail  servers. 

Ranking  the  average  response  rates 
somewhat  masks  the  reality  that  for 
each  issue,  some  fraction  of  the  user 
population  is  deeply  concerned.  So,  for 
example,  migration  to  Linux  isn’t  a  pri¬ 
ority  for  most  managers,  but  it’s  a  top 
priority  for  a  few. 

Still,  the  general  lack  of  interest  in 
Linux  is  a  surprise,  perhaps  driven  by 
the  reluctance  or  inability  of  Lotus 
Notes,  Microsoft  Exchange  and  Group- 
Wise  users  to  migrate  to  Linux.  An 
exception  may  be  GroupWise  users; 
Novell  Inc.’s  recent  purchase  of  SUSE 
Linux  [QuickLink  42574]  may  encour¬ 
age  more  administrators  to  think  about 
running  Linux  internally. 

In  the  big  picture,  the  survey  respon¬ 
dents  have  very  little  interest  in  mi¬ 
grating  away  from  their  installed  e-mail 
systems.  Exchange  users  give  migra¬ 
tion  a  very  low  rating  of  1.4,  while 
Notes  and  GroupWise  users  say  mi¬ 
gration  is  a  somewhat  higher  concern 
(averaging  2.1  and  2.3,  respectively). 

The  reluctance  to  switch  e-mail  plat¬ 
forms  comes  in  part  from  the  cost  and 
hassle  of  converting  end  users  to  a  new 
system,  Reeg  says,  citing  issues  such  as 
training  and  the  loss  of  e-mail  archives. 
“I  don’t  see  any  business  case  [that 
would  justify  migrating],  unless  some¬ 
one’s  on  a  really  antiquated,  unsup¬ 
ported  package.” 

And  the  survey  has  bad  news  for 
IBM’s  big  push  to  get  users  to  turn 
mainframes  into  messaging  servers. 

It’s  a  minor  concern  for  CIOs,  even  in 
Notes  shops,  and  ranked  at  the  bottom 
of  the  list. 

Perhaps  the  biggest  surprise  —  for  a 
survey  of  cost-conscious  CIOs  —  is 
that  e-mail  budget  issues  such  as  total 
cost  of  ownership  (TCO)  don’t  hit  the 
top  10  concerns,  despite  the  fact  that 
e-mail  vendors  harp  on  this  issue  all 
the  time.“We  do  a  TCO  analysis  for 
our  desktops  overall,  and  the  cost  of 
e-mail  is  just  bundled  into  that,”  says 
Reeg.  “E-mail  is  almost  a  given,  just 
part  of  your  cost  of  doing  business. 
You’re  not  going  to  choose  not  to  have 
e-mail.”  ©  44143 


Ubois  is  an  analyst  at  Ferris  Research  in 
San  Francisco. 


Hospital  CIOs  struggle  to  cost- 
justify  expensive  image-archiving 
systems,  but  the  benefits  are 
clear.  BY  JOHNS.  WEBSTER 


IMAGINE  TRYING  TO  TALK  THE  CEO  of  a 
cash-strapped  hospital  into  buying  a  mul- 
timillion-dollar  IT  system.  It’s  not  an  easy 
chat,  but  that’s  the  challenge  hospital 
CIOs  face  when  trying  to  sell  management  on  pic¬ 
ture  archiving  and  communications  systems  (PACS). 
The  systems  capture,  store  and  display  patient  X-rays 
and  other  images  in  digital  form  instead  of  on  film. 

In  fact,  many  hospitals  are  balking  at  the  technol¬ 
ogy’s  high  price  tag.  Although  PACS  have  been  used 
since  the  mid-1990s,  about  two-thirds  of  U.S.  hospi¬ 
tals  haven’t  purchased  one  yet,  estimates  Jocelyn 
Young,  a  health  care  industry  analyst  at  market  re¬ 
search  firm  IDC. 

However,  CIOs  who  have  succeeded  in  purchasing 
PACS  technology  can  point  to  advantages  such  as 
cost  savings,  improved  workflow,  better  patient  diag¬ 


noses  and  even  a  competitive  advantage  over  hospi¬ 
tals  that  don’t  have  the  systems. 

“The  most  obvious  cost  avoidance  is  film  process¬ 
ing,  as  well  as  real  estate  savings  for  film  image 
archives.  But  a  lot  of  the  benefits  also  have  to  do  with 
improved  workflow  and  eliminating  mistakes  or  mis¬ 
placed  film,”  says  Young. 

The  key  to  building  a  business  case  for  a  PACS  is 
to  figure  out  which  part  of  the  business  has  the  deep 
pockets  and  passion  to  push  it  through,  according  to 
a  recent  report  by  Antonio  Garcia,  an  analyst  at  Frost 
and  Sullivan  Ltd.  “The  simple  truth  is  that  PACS  will 
cost  a  great  deal  of  money.  Success  often  depends  on 
which  department  (MIS,  radiology,  administration, 
etc.)  has  the  most  money  for  medical  IT,”  he  wrote. 

Success  in  the  Bronx 

“I  have  never  done  an  implementation  of  any  system 
that  has  so  dramatically  impacted  the  way  we  do 
business,”  says  Dan  Morreale,  CIO  at  North  Bronx 
Healthcare  Network,  one  of  six  regional  networks 
established  by  New  York  City  Health  and  Hospitals 
Corp. 

Two  years  ago,  at  a  cost  of  $6  million,  Morreale’s 
organization  went  live  with  a  PACS  in  the  Jacobi 
Medical  Center  and  North  Central  Bronx  Hospital, 
which  have  a  total  of  870  beds.  The  vendor  was  Agfa 
Healthcare,  a  unit  of  Mortsel,  Belgium-based  Agfa- 
Gevaert  NV. 

For  Morreale,  the  task  of  justifying  PACS  imple¬ 
mentation  was  made  easier  by  radiology  department 
personnel,  who  educated  physicians  about  the  bene¬ 
fits  of  the  system.  Plus,  the  IT  department  had  been 
pushing  for  a  PACS  to  complete  the  organization’s 
conversion  to  electronic  patient  records. 

As  a  result  of  its  PACS,  North 
Bronx  Healthcare  Network  saves 
almost  $2  million  per  year  by 
eliminating  costs  associated  with 
film  and  paper-based  reports 
(see  box).  “We’ve  found  that  you 
can  see  the  ROI  easily.  In  addi¬ 
tion,  we  took  the  approach  that 
this  is  a  set  of  tools  that  provides 
a  higher  quality  of  care  and  pa¬ 
tient  safety.  Those  are  the  driving 
forces,”  notes  Morreale. 

A  PACS  can  improve  patient 
care  because,  unlike  film,  digital 
images  are  available  to  multiple 
physicians  simultaneously  at  any 
time,  which  can  speed  diagnoses. 

Physicians  can  manipulate  and 
zoom  in  on  the  images  to  focus 
on  medical  problems.  The  digital 
images  are  less  likely  to  be  lost 
or  misplaced  as  well.  And  with  a 
virtual  private  network  (VPN), 
outside  experts  located  anywhere 
in  the  world  can  consult  on  pa¬ 
tient  cases. 

“Images  are  almost  immediate¬ 
ly  available.  One  hundred  per¬ 
cent  of  our  PACS  images  are 
available  to  all  of  our  physicians 
within  four  minutes,”  Morreale 
says. 


At  the  Cleveland  Clinic  Foundation,  the  key  to  re¬ 
turn  on  investment  was  tying  the  PACS  to  the  hospi¬ 
tal  information  system  (HIS)  and,  specifically,  to 
billing  processes. 

Robert  Cecil,  network  director  for  the  foundation’s 
radiology  and  cardiology  divisions,  says  that  it’s  not 
uncommon  for  radiology  bills  to  slip  through  the 
cracks  —  and  sometimes  never  even  get  issued  — 
when  the  HIS  and  radiology  information  system 
(RIS)  are  separate  entities.  Billing  paperwork  can  get 
shuffled  back  and  forth  between  departments  past  an 
insurance  provider’s  30-day  billing  deadline. 

“With  PACS,  you  can  generate  reports  with  origi¬ 
nal  order  numbers  from  referring  physicians,  along 
with  the  radiology  images,”  Cecil  says.  “For  all  that  to 
come  together,  you  have  to  integrate  the  HIS  and  RIS 
with  the  PACS,  and  then  the  patient  can  be  electroni¬ 
cally  billed.” 

Vendor  consolidation  and  standardization  of  hard¬ 
ware  components  have  also  made  systems  integra¬ 
tion  less  difficult.  In  recent  years,  a  handful  of  med¬ 
ical  imaging  vendors,  including  Philips  Medical  Sys¬ 
tems,  Siemens  Medical  Solutions  and  GE  Medical 
Systems,  have  snapped  up  many  small  suppliers  of 
various  technologies  used  in  PACS  and  now  offer 
better-integrated  systems.  This  means  hospitals  no 
longer  have  to  worry  about  cobbling  together  PACS 
components  from  a  variety  of  sources,  making  imple¬ 
mentation  easier  and  less  expensive.  In  turn,  it’s  easi¬ 
er  for  IT  managers  to  cost-justify  buying  the  systems. 

That  was  the  case  when  Canton,  Ohio-based  Mer¬ 
cy  Medical  Center  implemented  a  $4  million  PACS 
from  Philips  Medical  Systems  four  years  ago.  “The 
PACS  acquisitions  have  cleaned  up  the  market  and 
made  the  selection  and  integration  process  a  lot  easi¬ 
er,”  says  CIO  Joyce  Miller  Evans. 

In  addition  to  making  work- 
flow  more  efficient,  implement¬ 
ing  PACS  as  a  part  of  an  overall 
electronic  patient  record  system 
can  help  a  health  care  organiza¬ 
tion  stand  out  in  a  competitive 
market.  If  a  hospital  can  adver¬ 
tise  itself  as  completely  filmless, 
with  digital  medical  images  and 
records  that  can  be  viewed  si¬ 
multaneously  from  anywhere, 
that  can  help  it  attract  the  best 
medical  personnel. 

Indeed,  Evans  says  the  IT  staff 
at  Mercy  Medical  Center  has 
been  contacted  by  competing 
hospitals  that  want  to  learn  how 
the  organization  implemented  its 
PACS.  “It’s  a  competitive  market 
out  there,  and  there’s  a  real  short¬ 
age  of  good  radiologists,”  Evans 
says.  “We’re  also  looking  at  mak¬ 
ing  PACS  images  accessible  to 
radiologists  located  anywhere 
worldwide,  outside  the  hospital, 
via  a  VPN,  which  will  also  make 
us  stand  out.”  ©  44162 


Webster  is  a  freelance  writer  in 
Providence,  R.I.  He  can  be  contact¬ 
ed  atjohn.s.webster@verizon.net. 


Middleware  is  Everywhere 


Can  you  see  it? 


MIDDLEWARE  IS  IBM  SOFTWARE.  Powerful  software  like 
IBM  WebSphere.®  Using  an  open  and  scalable  foundation, 
WebSphere  software  lets  you  swiftly  respond  to  change.  On 
demand.  Applications  are  easily  updated,  tested  and  deployed 
Lead  time  is  shortened.  And  everything  clicks,  regardless  of 
platform.  WebSphere  delivers  it  all.  On  the  money.  On  demand 
(©business  on  demancTat  ibm.com/websphere/middleware 


1.  New  design  already  tested. 

2.  Suppliers  already  linked. 

3.  Procurement  already  automated 

4.  Blueprints  already  updated. 

5.  Engine  all  ready  for  takeoff. 


WebSphere 
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BRAIN  FOOD  FOR  IT  EXECUTIVES 


Who’s  Driving  IT  Alignment? 

CONVENTIONAL  WISDOM  holds  that  CIOs  should  make  sure 
IT  spending  is  properly  aligned  with  business  strategies,  and 
if  it  isn’t,  then  it’s  the  CIO’s  fault. 

But  that  thinking  is  actually  an  impediment  to  real  IT/ 
business  alignment,  says  Gopal  Kapur,  president  of  the 
Center  for  Project  Management  in  San  Ramon,  Calif.  “The 
precept  that  IT  should  align  itself  with  business  is  a  crock. 
That’s  like  saying  that  a  trailer  should  align  itself  with  a 
truck.  Just  imagine  a  parking  lot  full  of  trailers  in  search  of 
a  hitch  on  a  truck.” 

In  other  words,  corporate  executives  (the  drivers  in  the 
truck  cab)  should  be  making  sure  the  IT  organization  (the 
trailer)  follows  along,  Kapur  says.  “The  role  of  the  IT  organi¬ 
zation  is  to  have  the  right  solution  to  the  business  problem, 
not  to  decide  what  really  needs  to  be  done,”  he  adds. 

The  problem  is  that  senior  executives  have  abdicated  their 
responsibility  to  clearly  articulate  corporate  goals  and  make 
sure  IT  expenditures  contribute  to  those  goals,  Kapur  says. 
“They  give  the  CIO  millions  of  dollars  and  don’t  ask  how  it’s 


:  being  spent  and  then  complain  that  IT  isn’t  in  alignment. 

:  Whose  fault  is  that?” 

Using  a  different  analogy,  Kapur  says  an  investor  may  have 

•  a  financial  adviser  who  implements  the  transactions,  but  the 

•  investor  should  still  know  how  much  money  is  being  put 

:  where  and  establish  investment  thresholds.  -  Mitch  Betts 


Best  Bits 

The  most  useful  parts  of  recent  business 
and  IT  management  books 
THE  BOOK:  Services  Blueprint:  Roadmap 
for  Execution,  by  Ravi  Kalakota  and  Marcia 
Robinson  (Addison-Wesley,  2003). 

Take  today's  buzzwords  -  e-business,  Web 
portals,  the  real-time  enterprise,  adaptive  sup¬ 
ply  chains,  enterprise  application  integration 
and  Web  services  - 
throw  them  into  a 
blender,  and  you’ve  got 
one  big  megatrend,  the 
authors  argue.  “This 
|  .wide-ranging  transforma- 
tion  is  the  use  of  technol- 
'  ogy  to  digitize  complex 
services,"  they  say,  citing 
well-known  IT  success  stories  at  companies 
such  as  General  Electric  Co.,  Deli  Inc.,  South¬ 
west  Airlines  Co.  and  Amazon.com  Inc. 

The  services  blueprint  the  title  refers  to 
begins  with  a  single  overriding  business 
goal,  or  "focal  point,”  like  being  easy  to  do 
business  with  (known  in  this  book  by  the  acro¬ 
nym  ETDBW).  Then,  all  technology  invest- 


IT  Priorities:  2004 

1.  Cost  reduction 

2.  Security 

3.  Application  integration 

4.  Sarbanes-Oxley  compliance 

Base:  Survey  of  75  U.S.  and  25  European  CIOs 

SOURCE  MERRILL  LYNCH  &  CO,.  DECEMBER  2003 


ments  are  supposed  to  play  a  role  in  achieving 
that  goal.  The  winners  in  “services  digitization” 
will  also  have  superb  execution. 

The  best  example  of  single-minded  focus 
and  superb  execution  has  got  to  be  Wal-Mart 
Stores  Inc.,  a  company  so  successful  that  it 
now  constitutes  almost  2%  of  the  U.S.  econo¬ 
my.  Wal-Mart’s  focal  point?  “Every  day  low 
prices”  (known  as,  you  guessed  it,  EDLP).  The 
whole  point  of  Wal-Mart’s  extensive  technolo¬ 
gy  and  supply-chain  empire  -  from  the  data 
warehouse  to  the  store  replenishment  systems 
-  is  the  relentless  pursuit  of  that  goal  of,  urn, 
EDLP.  -  Mitch  Betts 


Things  to  Ponder 

■  Given  the  controversy  over  whether  com¬ 
puters  really  increase  productivity,  a  recent 
Goldman  Sachs  &  Co.  report  sniffed  that  the 
debate  seems  academic.  “A  practical  test 
would  be  to  take  them  away  and  return  to  pa¬ 
per  ledgers,  green  eyeshades  and  typewriters 
and  see  what  happens.” 

■  A  Gartner  Inc.  survey  of  113  senior  execu¬ 
tives  in  Europe  found  that  most  of  them  view 
CIOs  as  risk-averse,  not  very  influential  on 
strategic  matters  and  not  long-term  thinkers. 
Furthermore,  most  of  these  executives  think 
their  IT  departments  are  poorly  prepared  for 
the  future. 

■  Corporations  are  ramping  up  their  efforts 
to  comply  with  the  Sarbanes-Oxley  Act, 

but  they  aren’t  spending  big  bucks  on  more 
IT  applications  and  systems.  A  poll  conducted 
by  Meta  Group  Inc.  found  that  57%  of  IT  ven¬ 
dors  have  been  disappointed  by  the  lack  of 
sales  being  generated  by  Sarbanes-Oxley 
initiatives.  O  44159 


GOT  ANY  BRIGHT  IDEAS?  Send  them  to 
pitches@computerworld.com. 
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Middleware  is  Everywhere 


Can  you  see  it? 
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MIDDLEWARE  IS  IBM  SOFTWARE.  Software  like  IBM 
DB2  Content  Manager.  A  complete  and  open  solution  that 
easily  manages  and  leverages  information  from  almost 
anywhere.  Even  content  like  video  and  scanned- images  is 
easily  and  securely  accessed.  It’s  how  responsiveness 
increases,  productivity  soars  and  knowledge  becomes  power. 
(©  business  on  demand!"  Go  to  ibm.com/db2/middleware 


1.  Verifies  insurance  on  the  spot. 

2.  Files  digital  claim  in  an  instant. 

3.  Approves  estimate  at  the  site. 

4.  Orders  new  bumper  at  the  scene. 

5.  Receives  settlement  in  a  snap. 


IBM.  DB2.  the  a-buslness  logo  and  e-busincss  on  demand  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  United  Stales  and/or  other  countnqs. 

2003  IBM  Corporation.  A*  r.j! .is  resolved  .  • 
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Drug  Developer 
Outsources  to  IBM 

Covance  Inc.,  a  Princeton,  N.J.- 
based  drug  development  services 
provider,  has  reached  a  seven- 
year,  $180  million  outsourcing 
agreement  with  IBM.  Under  the 
deal,  IBM  will  manage  Covance’s 
computer  and  telephone  network, 
computer  support,  e-mail  system, 
help  desks  and  data  centers  in  18 
countries.  Covance  expects  to 
reap  benefits  from  helping  its 
pharmaceutical  and  biotechnolo¬ 
gy  customers  market  new  drugs 
faster  and  more  efficiently.  The 
deal  will  also  free  up  Covance  to 
focus  more  on  its  IT  applications 
portfolio. 


Bank  Outsources 
Core  Processing 

Commerce  Bank  and  Trust  Co.  in 
Worcester,  Mass.,  in  March  will 
start  outsourcing  its  core  ac¬ 
count-processing  technology  for 
debit  cards  and  deposit  and  loan 
accounts  to  Aurum  Technology 
Inc.  in  Plano,  Texas.  Commerce 
Bancshares  Inc.,  the  holding 
company  for  Commerce  Bank, 
cited  the  need  for  more  main¬ 
frame  processing  power  after  a 
capacity  study  showed  that  Com¬ 
merce  Bank’s  18-year-old  Unisys 
system  was  reaching  its  limits. 
The  bank  has  increased  its  as¬ 
sets  from  $350  million  five  years 
ago  to  $1  billion  today.  It  will  con¬ 
tinue  to  perform  item  processing 
in-house. 


Zions  Bank  Installs 
Analytics  Software 

Zions  Bancorporation  in  Salt 
Lake  City  has  entered  a  business 
analytics  software  licensing  and 
consulting  agreement  with  Mil¬ 
waukee-based  Metavante  Corp. 
Zions  has  more  than  $27  billion 
in  assets  and  operates  more  than 
400  full-service  banking  offices 
throughout  eight  Western  states. 
The  new  software,  Business  In¬ 
telligence  Center,  will  provide  a 
companywide  view  of  the  busi¬ 
ness  units,  products  and  cus¬ 
tomer  behavior. 


PAUL  GLEN 


OME  OF  THE  MOST  IMPORTANT  lessons 
I’ve  learned  about  transforming  organiza¬ 
tions  came  from  the  struggle  to  shed  an  un¬ 
pleasant  habit. 

During  high  school  and  most  of  college,  I 


was  a  fingernail  biter.  It’s 
one  of  those  nasty  nervous 
habits  that  no  one  feels 
good  about.  My  jagged, 
raggedy,  nibbled,  nubbin 
nails  were  a  constant 
source  of  embarrassment. 

Oh,  I  tried  to  quit  many 
times.  I  tried  going  cold 
turkey.  I  tried  fining  myself 
for  every  transgression. 

I  tried  putting  foul  sub¬ 
stances  on  my  fingers.  But 
every  attempt  ended  with 
the  same  result:  a  return  to 
the  habit  and  lower  self¬ 
esteem  from  my  failure 
of  will. 

That  all  ended  when  I 
decided  to  try  a  completely 
different  approach.  One  Sunday,  I  re¬ 
solved  that  on  Monday,  I’d  stop  biting 
the  pinky  nail  on  my  right  hand.  It 
would  continue  to  be  open  season  on 
every  other  finger.  So  on  Sunday  night, 
I  filed  the  edge  of  that  one  nail  smooth 
and  waited  for  morning. 

For  an  entire  week,  I  happily  chewed 
on  nine  nails,  and  every  time  I  drew  a 
finger  toward  my  mouth,  I  looked  at 
that  one  smooth  nail.  It  looked  good, 
and  I  liked  it.  There  were  still  plenty 
of  other  nails  to  satisfy  my  habit.  It 
wasn’t  too  difficult  to  keep  that  one 
unbitten. 

The  following  Monday,  I  added  a 
second  nail  to  the  forbidden  fingers. 
On  Sunday  night,  I  filed  the  nail  on  my 
right  ring  finger  smooth  and  waited 
for  morning.  And  for  a  week,  I  had 
eight  fingers  to  fulfill  my  cravings  and 


two  to  display  my  achieve¬ 
ment. 

Then  each  week,  I  added 
another  finger  to  the  clean 
collection.  By  the  10th 
week,  I’d  completely  lost 
my  desire  to  nosh  on  nails. 
And  now,  decades  later,  I 
can  happily  report  that 
neither  the  habit  nor  the 
desire  has  returned. 

So,  what  does  this  have 
to  do  with  organizational 
change?  What  can  finger¬ 
nails  communicate  about 
how  to  improve  the  perfor¬ 
mance  of  your  manage¬ 
ment  teams  and  projects? 

As  we  all  know,  changing 
the  culture  and  behavior  of 
technical  groups  is  very  difficult.  Most 
attempts  to  improve  how  groups  func¬ 
tion  fail  miserably.  The  experience 
of  the  change  is  unpleasant,  and  the 
transformations  are  usually  temporary. 
New  processes  are  ignored.  Dysfunc¬ 
tional  behaviors  return.  Old  habits  die 
hard. 

But  I  have  found  that  a  few  princi¬ 
ples  drawn  from  my  fingernail  experi¬ 
ence  can  help  improve  the  chances  of 
success. 

Don’t  try  to  fix  everything  at  once.  Just  as 
with  technical  projects,  scope  control 
is  critical  to  success.  Since  efforts  at 
organizational  change  are  painful  and 
can  distract  attention  from  immediate 
deliverables,  most  leaders  want  to  ini¬ 
tiate  them  as  seldom  as  possible.  So 
the  natural  result  is  trying  to  change 
everything  at  once. 


Paul  etga  is  an  IT  man¬ 
agement  consultant  in 
Los  Angeles  and  the  au- 
■  ilioiofthe  award- Winning' 
bool*  Leading  Seeks:  . 
How  to  Manage  and  Lead 
y  the  People  Who  Veitvei 
Technology  { dossey*  Bass 

wwwJeadihggehkh^pm),} 
He  can  be  reached  at 
infd@c2-consuittn9.cdfn. 


But  just  as  small  technical  projects 
are  more  likely  to  succeed  than  large 
ones,  incremental  organizational 
changes  are  much  more  likely  to  stick 
than  radical  transformations. 

With  the  fingernails,  one  of  the  keys 
to  success  was  realizing  that  I  had  10 
small  problems,  not  one  big  one.  My 
problem  wasn’t  that  I  bit  my  nails,  but 
that  I  was  gnawing  on  10  distinct  fin¬ 
gernails.  Trying  to  fix  one  at  a  time 
proved  much  easier  than  trying  to  fix 
all  10  at  once. 

Make  progress  constantly  visible.  During 
the  10  weeks  during  which  I  was  work¬ 
ing  on  quitting,  it  turned  out  to  be 
very  helpful  to  see  the  smooth-edged 
nails  of  progress.  Even  though  I  knew  I 
was  still  engaging  in  the  bad  behavior, 
every  time  I  lifted  my  hand  to  chew  on 
a  nail,  I  saw  the  physical  embodiment 
of  progress  toward  my  goal.  That 
transformed  every  experience  during 
the  process  from  a  failure  to  a  success. 
Rather  than  descending  a  spiral  of  fail¬ 
ure,  I  felt  I  was  climbing  the  spiral  of 
success. 

So  it  is  with  organizational  change. 
People  have  to  see  the  signs  of  their 
own  reformation.  As  the  process  of 
change  goes  forward,  we  need  to  be 
constantly  aware  of  our  successes  and 
of  the  road  left  to  travel. 

Be  patient.  Lasting  and  valuable  trans¬ 
formations  don’t  happen  overnight. 
Just  like  New  Year’s  resolutions,  stick¬ 
ing  with  the  ongoing  process  can  be 
the  hardest  part. 

So  when  you’re  ready  to  improve  the 
effectiveness  of  your  group,  think 
carefully  about  the  features  of  your  fu¬ 
ture  group,  look  down  at  your  finger¬ 
nails  and  plan  how  you’re  going  to 
claw  your  way  through  the  process  of 
change.  ©  44167 
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IT  Careers:  IT's  Premier  Leaders  Identify  Top  Professional  Requirements 


While  some  of  the  nation's  leaders  are  quick  to 
identify  the  top  technical  skills  needed  for  IT 
professionals,  they  are  more  vehement  and 
passionate  about  what  they  consider  to  be  a 
missing  skill:  communication. 

The  hue  and  cry  from  five  of  the  premier  leaders 
in  IT  is  that  information  technology  professionals 
must  be  able  to  communicate  ideas  effectively  to 
non-technical  users,  that  they  must  be  able  to  write 
coherently  and  that  they  must  be  able  to  put  on  the 
face  of  the  end-user,  identifying  how  best  to  adapt 
technology  and  assure  that  users  can  access  it  with 
minimal  training. 

Brian  Leinbach,  CTO  for  Delta  Technology  (Delta 
Air  Lines'  IT  function)  says,  "Your  technical  ability 
has  no  value  if  you  can't  communicate  the  business 
relevance  of  it.  With  technical  degrees,  graduates 
get  maybe  two  semesters  of  English,  yet  in  the  real 
world  it's  the  first  thing  you  have  to  do." 

Of  course,  Leinbach  and  other  top  leaders,  also 
know  the  technical  challenges  that  exist  -  and 
provide  exciting  opportunities  for  IT  professionals. 
"We  have  a  great  emphasis  on  real-time 
computing,"  he  says.  "We  need  processes  and 


solutions  that  enable  decision  making.  In  airlines, 
things  have  grown  more  complicated  by  our  drive 
to  want  to  compress  time  -  for  us  that  means  every 
system  that  enables  a  flight." 

Harry  Roberts,  senior  vice  president  and  CIO  for 
Boscov's  Department  Stores,  says  the  hottest  skills 
for  IT  professionals  will  be  networking,  database 
administration  and  continued  focus  on  JAVA,  J2EE 
and  XML  languages.  "These  are  the  skills  that  hit 
business  right  where  they  live  -  data  and 
communications." 

In  the  healthcare  industry,  the  use  of  wireless 
technologies  "is  exploding,"  according  to  Linda 
Reino,  CIO  at  Universal  Health  Services  Inc.  "It's  all 
about  mobility  for  the  healthcare  provider.  That 
means  using  browser-based  technologies  in  an 
intuitive  way  that  reduces  training.  In  developing 
these  technologies  (such  as  tablets,  PDAs,  laptops), 
the  IT  professional  has  to  stop  dreaming  and  get 
down  to  the  real  operational  issues  of  how  often 
that  nurse  or  doctor  puts  the  mobility  device  down, 
its  susceptibility  to  loss,  theft  or  corruption  of  data. 
That  also  implies  a  real  need  for  security  of 
information  and  data,  too." 


Mark  Hedley,  senior  vice  president  and  CTO  at 
Wyndham  International,  points  out  that  the  skills 
required  for  technical  vs.  business  IT  roles  are 
different.  "If  you  favor  the  highly  technical  route, 
the  ability  to  gain  as  much  knowledge  about  that 
specialty,  such  as  J2EE  development,  IP  networks, 
telephony,  and  how  best  to  apply  it  is  going  to  be 
very  beneficial.  I  describe  these  individuals  as  an 
inch  wide  and  a  mile  deep."  Hedley  points  to 
technical  needs  in  advanced  network  engineering 
skills,  as  well  as  certifications  from  Cisco. 

The  management  track,  on  the  other  hand 
requires  skills  in  leadership,  management,  human 
resources,  legal,  financial,  operational  and 
relationship  building.  "These  individuals  have 
technical  skills  that  are  a  mile  wide  and  an  inch 
deep  and  will  seek  the  best  technical  resources  to 
form  a  team" 

For  more  information  about  IT  Careers  advertising, 

please  contact:  Nancy  Percival 

Vice  President,  Recruitment  Advertising 

800.762.2977 

500  Old  Connecticut  Path 

Framingham,  MA  01701 

Produced  by  Carole  R.  Hedden 
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Principle  Network  Engineer 


Responsible  for  next  generation  network  tech¬ 
nology  options;  developing  high  performance 
data/voice/video  designs;  strategic  analysis, 
plan  and  design  of  enterprise  communications 
architecture  which  integrates  voice,  data  and 
video  communications  technology.  Participates 
in  enterprise  information  technology  initiatives; 
design  building  and  installation  of  complex  net¬ 
work  environments.  Must  understand  the 
mechanics  of  network  transmission  at  all  7  lay¬ 
ers  of  the  OSI  model;  experience  in  coordina¬ 
tion,  advising,  consulting,  and  general  network 
implementation,  design  and  security  concepts. 
Fingerprinting/background  check  required. 

For  more  information  and  to  apply,  go  to: 

http://ucsfhr.ucsf.edu/careers 
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Apply  specifically  to  requisition  8290BR. 


OUR  PEOPLE  MAKE  THE 

Difference  wal*mart 


Stores,  Inc. 


We’re  Looking  for  the  Future  Leaders  of  Tomorrow 


Wal-Mart  Stores,  Inc.  has  been  recognized  by  Fortune 
Magazine  as  the  most  admired  company  in  the  world. 
As  our  company  continues  to  expand,  so  does  the 
opportunity  for  first-class,  talented  people  to  guide 
the  future  of  one  of  the  most  successful  and 
innovative  growth  companies  in  the  world. 

Put  your  career  on  a  fast  climb  and  help  us  continue  to 
set  the  industry  standard  in  information  technology. 

•  UNIX  -  C.  C++,  Administration,  Engineering, 
Informix  DBAs 

•  NT  Workstation  -  VB,VC++,  Java,  ASP,  XML 

•  IBM  Mainframe  -  COBOL,  CICS,  DB2  and 
IMS  DBAs 

•  Networking  -  Ethernet,  VSAT,  Frame 
Relay,  ATM 

•  Telecommunications 

All  positions  are  located  in  Bentonville,  AR. 


Ready  to  do  it  all?  Candidates  interested  in  joining 
our  team  should  forward  a  resume  to: 

Wal-Mart  Information  Systems  Division 
Attn:  Recruiting  Department 
805  Moberly  Lane  M4 1 
Bentonville,  AR  72716-0560 
E-mail:  lSDADS@wal-mart.com 

For  more  information,  visit  our  Web  site  at: 
www.waImartstores.com 


T  . 


WaTMart  H  An  Equal  Opportunity  Employer.  M/F/D/V 
2000  Wal-Mart  Stores,  Inc. 


CW040202E/WMW.  1 


Computerworld  •  InfoWorld  •  Network  World  •  February  2,  2004 


DATA  WAREHOUSE 
SPECIALIST 

Resp.  for  dsgng,  implmntng  & 
supporting  bus. -oriented  data 
warehousing  projects  for  co's 
clients.  Specific  duties  include: 
(i)  implmntng  bus.  rules  via 
stored  procedures,  middleware 
or  other  related  technologies;  (ii) 
defining  user  interfaces  &  func¬ 
tional  specs  based  on  client's 
bus.  needs;  (iii)  verifying  accura¬ 
cy  of  data;  &  (iv)  maintaining/ 
supporting  data  warehouse  & 
end-users.  Bach,  degree  (or 
equiv.)  in  Comp.  Sci.,  Math. 
Engnrg,  Bus.  or  Commerce  +  2 
yrs  exp.  in  position  offered  or  as 
a  Software  Engnr,  Prog./Sys. 
Analyst  or  Data  Architect  reqd. 
Exp.  must  include:  (a)  UNIX  NT 
or  Windows  or  LINUX;  (b) 
PL/SQL  or  T-SQL,  (c)  Oracle  or 
Sybase  or  SQL  Server  or  DB2; 
(d)  Informatica  or  Cognos  or 
Brio;  &  (e)  knowledge  of  ETL 
(extract,  transform  and  load). 
High  mobility  preferred.  40 
hrs/wk,  8am  -  5pm,  $66,730/yr. 
Qualified  applicants  please  sub¬ 
mit  resume  to:  Mon  Valley 
Regional  CareerLink,  Attn:  Actg. 
CL  Program  Supervisor.  Donora 
Industrial  Park,  570  Galiffa 
Drive,  Donora,  PA  15033. 
Please  refer  to  Job  Order  No. 
WEB  387720. 


Programmer  Analyst:  Design/ 
impl.intranet/client-server/ERP 
appls.  in  HP-Unix  /  Win2000 
env.  w/  Oracle  db  as  backend. 
Prepare  project  estimation  /  sys. 
prospectus,  TSD  &  SRS  using 
MS/Project2000;  generate  use 
case/class  diagram  w /  Together- 
J;  deploy  J2EE  compts  incl. 
EJB,  Servlets,  JSP.  DAO.  JDBC, 
JNDI  in  WebSphereA/VebLogic/ 
iPlanet  appl.  servers  using  XML, 
DHTML,  JavaScript,  Visual  Age. 
&  Jbuilder;  write  Applet  appls.  to 
integrate  MICR  devices,  Bar¬ 
code  Scanner  &  Transaction 
Barcode  Printers  using  COMM, 
API  &  PCL;  develop  appls., 
charts,  forms  and  reports  using 
JetChart,  VB,  Oracle  Financials 
&  Crystal  Report;  and  provide 
tech,  support.  Requires  BS  in 
Comp.Sr.  Engr.  or  MIS  plus  2 
yrs.  exp.  Full  time.  Resume  to: 
HR,  Kelly  Mitchell  Group,  Inc. 
101  S  Hanley  Rd.Ste.1100,  St. 
Louis,  M 063105.  NO  CALL/ 
EOE. 


UmeVoice,  Inc.  seeks  Software 
Engineer  for  Jersey  City  NJ  loc. 
Design  +  dev  speech  enabled 
trading  systems  +  non-speech 
financial  components  on  various 
hardware  +  software  platforms 
incl  Solaris,  Windows  NT/XP, 
Pocket  PC  2002  and  Linux; 
Analyze  complex  financial  needs, 
speech  lingo  +  usage  reqs; 
Identify  problems  to  improve 
existing  systems  +  speech  appli¬ 
cations;  Write  specs  docs;  Work 
on  technologies  incl  Voice  Recog 
(IBM  Viavoic,  Hark),  J2EE.  .NET. 
Java,  C++,  C#.  Must  have  BS  in 
Comp.  Sci,  Engineering  or  relat¬ 
ed  field  +  1  yr  relevant  exp  . 
Resume  to  H.R.,  UmeVoice, 
Inc.,  73  Digital  Dr.,  Novato,  CA 
94949. 


Corpus,  Inc.  has  multiple  open¬ 
ings  for  IT  professionals.  Follow¬ 
ing  skills  preferred:  Oracle,  SQL, 
PL/SQL,  COBOL.  C/C++,  VB, 
SAP,  Java,  XML,  ERP.  ASP.  NT. 
XSL.  Minimum  BS  degree  Tra¬ 
veling  is  required  for  some  posi¬ 
tions.  Please  send  resumes  to 
resumes@corDuslnc.com.  EOE. 

Global  Consulting  is  looking  for 
programmer/system  analysts, 
software  engineers.  Candidate 
must  have  BS  with  IT  experi¬ 
ence  Good  skills  in  C/C++, 
Java,  Oracle.  EJB.  J2BB,  Web- 
Logic,  VB,  HTML  are  plus. 
Traveling  is  required  for  some 
positions.  Apply  iob@o-c-g.net 
EOE.  No  calls. 


SOFTWARE  DEVELOPERS. 
Develop  standard  features,  inter¬ 
faces  and  complex  modules  for 
existing  or  new  software  prod¬ 
ucts  to  provide  major  feature 
implementation  to  client  base  of 
standard  customers.  Actively 
participate  in  innovative  new  de¬ 
signs,  technologies,  research 
projects  and  their  implementa¬ 
tions.  Learn  new  proprietary 
technologies  and  development 
tools,  developed  in-house,  as 
well  as  adapt  to  non-SQL  type 
databases.  Effectively  convey 
expert  research  findings  on  com¬ 
plex  technologies  to  a  wide  audi¬ 
ence.  In  order  to  emphasize 
quality,  provide  clear  and  com¬ 
plete  models  and  documenta¬ 
tion.  Develop  utilities  to  assist  in 
the  quality  control  of  the  features 
developed  (multiple  openings). 
Requires  B.S.  in  Computer  Sci¬ 
ence  or  related  field;  5  years  of 
experience  in  job  offered  or  in 
software  consulting;  must  have  5 
years  experience  programming 
in  Delphi;  experience  must  also 
include:  3  years  working  with 
SQL  databases  (Sybase,  Micro¬ 
soft  SQL  Server,  Oracle);  devel¬ 
oping  client/server  applications  - 
both  2  tier  and  3  tier;  develop¬ 
ment  of  middleware  technologies 
(MIDAS.  COM,  CORBA,  CGI, 
ISAPI);  and  development  in  a 
Web  environment  (Active  Server 
Pages,  JavaScript).  Must  have 
proof  of  legal  authority  to  work  in 
the  United  States.  Send  resume 
with  Social  Security  Number  to 
Andrea  Weston,  Ontario  Sys¬ 
tems,  1 1 50  West  Kilgore  Avenue, 
Muncie,  IN  47305. 


V.L.S.  Systems  is  a  software 
development  and  consulting  co 
with  multiple  openings  for  Soft¬ 
ware  Engineers,  DBA's,  Pro¬ 
grammer  Analysts.  QA  Testers 
and  Project  Managers  to  work 
at  client  sites  in  VA,  IL,  PA  and 
other  sites  throughout  the  U.S. 
Individuals  must  have  a  mini¬ 
mum  of  a  Bachelor  Degree  and 
two  years  relevant  experience. 
We  are  seeking  individuals  with 
various  combinations  of  the  fol¬ 
lowing  skills:  Siebel,  Oracle 
Apps,  Peoplesoft,  SAP,  MS 
SQL,  SCADA,  DB2,  Sybase, 
Abinitio,  Tuxedo,  OLAP,  ETL 
development,  Business  Miner, 
VSAM,  Mercator,  Endevor, 
SeeBeyond,  C#,  C++,  VC++, 
ASP.NET,  .net  technologies, 
Business  objects,  Java,  J2EE, 
JNDI,  Java  Script,  EJBs,  Cold¬ 
fusion,  Perl,  HTML,  Cobol, 
CICS,  MVS/ESA,  Unisys, 
COM+,  MTS,  Cognos,  Web¬ 
sphere,  Weblogic,  WSAD, 
MVC  Architecture,  Unix,  Win¬ 
dows  NT,  embedded  related 
tools.  Apply  to:  V.L.S  Systems, 
9900  Main  St,  Suite.  304, 
Fairfax,  VA  22031. 


PROGRAMMER  ANALYSTS 
for  Cheyenne,  WY  office.  Devel¬ 
op  &  maintain  software  applica¬ 
tions  using  Oracle,  SQL  Server, 
Erwin,  Linux,  Sybase,  XML, 
UML,  Interwoven,  Coolgen, 
ClearCase,  ClearQuest,  Plum- 
tree,  PVCS,  UNIX.  Bachelors  or 
Equivalent  reqrd  in  Computers, 
Engineering,  Math  or  related 
field  of  study  +  lyrs  of  related 
exp.  40  hrs/wk;  Must  have  legal 
authority  to  work  permanently  in 
the  U.S.  Send  resume  to  HR 
Manager,  Globalways,  Inc, 
39176  B,  State  St,  Fremont,  CA 
94538. 


PROGRAMMER  ANALYSTS 
for  Cheyenne,  WY  office.  De¬ 
sign  &  Develop  software  appli¬ 
cations  using  C++,  Oracle, 
Sybase,  XML,  UML,  Coolgen, 
Interwoven,  ClearCase,  Clear¬ 
Quest,  PVCS,  UNIX.  Bachel¬ 
ors  or  Equivalent  req'd  in 
Computers,  Engineering,  Math 
or  related  field  of  study  +1  yrs 
of  related  exp.  40  hrs/wk.  Must 
have  legal  authority  to  work 
permanently  in  the  U.S. 
Contact  HR  Manager,  Global 
Infotech  Solutions.  Inc,  826 
West  Laurel,  Suite  IB, 
Springfield,  IL-62704. 


Computer  Programmers 

Design  and  develop  Data¬ 
warehousing  and  Business 
Intelligence  solutions. 

Min.  Educ.  Bachelor's 
degree  or  equi.  Some  posi¬ 
tions  require  Master's 
degree  or  equi.  Min.  Exp.  2 
years.  Job  may  involve 
working  at  various  locations 
throughout  the  US. 

Please  send  resumes  to 
Selectiva  Systems.  Inc. 
3333  Warrenville  Rd., 
Suite  200 
Lisle,  IL  60532. 


Global  Innovative  Solutions,  Inc. 
has  opening  for  Chief  Financial 
Officer  w/Masters  or  equiv  in 
Finance  Admin.  Bach  w/at  least 
5  yrs  progressive  exp  in  job  offd 
or  as  Accounts  Officer  or  CEO 
acceptable.  Responsibilities  incl. 
overseeing  all  corporate  fin'l  & 
acctg  functions  in  US  &  India 
offices,  &  formulating  &  adminis¬ 
tering  co's  overall  fin'l  plans  & 
policies.  Must  have  knowl  of 
Transfer  Pricing,  Concepts  of 
Costing  on  Cost  Drivers,  Mgmt. 
Audit,  &  US  &  Indian  tax  laws,  & 
have  legal  auth  to  work  in  US. 
Excellent  pay  &  benefits.  Email 
resume  w/proof  of  work  status 
to:  gis@global-innovative.com 


Computer 

Channell  Construction  Com¬ 
pany,  Inc.  (Omaha,  NE)  has 
an  opening  for  an  IT  Consul¬ 
tant/Systems  Analyst  with 
the  following  skill  sets:  C++, 
Visual  Basic,  Java,  Java¬ 
Script,  Oracle,  HTML,  ASP, 
Photoshop,  UML,  Microsoft 
Office  Package,  Windows 
NT  &  2000,  UNIX,  TCP/IP, 
with  1-3  yrs  of  exp  with  rele¬ 
vant  degree.  Top  $$.  Mail 
resume  to:  5697  N  13th  St., 
Omaha,  NE  68110.  An  EEO 
Employer. 


Software  Engineer 
needed  w/exp  in  using 
Java,  JFC,  Swing, 
AWT,  Windows,  GUI, 
Java-Doc,  HTML, 
UML,  i18  architecture, 
XML,  SAX  &  DOM 
parsers.  Mail  resumes 
to:  Ebusinesscorp  Inc., 
209  West  Central  St., 
Suite  #106,  Natick,  MA 
01760. 


Computer:  Software  Engin¬ 
eers  needed.  Seeking  can¬ 
didates  with  BS  or  equiv. 
and/or  rel.  work  exp.  De¬ 
velop  software  system  & 
applications  using  ESM  w / 
client  to  improve  technology 
&  human  resource  interfac¬ 
ing;  Analyze  &  design  pro¬ 
grams  to  meet  user  needs. 
Mail  res.,  ref.  &  trans.,  & 
Sal.  Req.  to  L-Cube 
Innovative  Solutions,  Inc.,  2 
Enterprise  Dr.,  Suite  303, 
Shelton,  CT  06484. 


Software  Engineers/Data  Base 
Design  Analysts,  Cheyenne,  WY 
-  Analysis,  Design,  Develop¬ 
ment,  Testing  and  Imple¬ 
mentation  of  computer  software 
systems,  applications  and  data¬ 
base  systems.  B.S.  in  Computer 
Science,  Eng.,  or  related  field 
with  experience  in  C,  C++,  ASP, 
VSS,  SQL  Server,  XML,  and 
.NET.  Mail  resume  to 
DatamanUSA,  LLC,  Attn.  HR, 
1107,  West  Sixth  Avenue, 
Cheyenne,  WY  82001  or  email 
to  Jobs_WY@datamanUSA.com. 


R  &  D  PROGRAMMER  - 
Research,  develop,  program  & 
test  web  applications  in  English 
&  Korean  using  Perl,  CGI, 
HTML,  Coldfusion  &  MySQL  on 
Windows  &  Linux;  QA,  debug, 
test  &  create  reports;  Identify 
program  modules  &  research  for 
web  site  development;  On-line 
tech  support  &  solutions  in 
English  &  Korean;  Require:  B.S. 
in  Comp.  Sci.  or  IT  &  2  yrs.  exp. 
in  job  offered.  40  hr/wk.  Res: 
President,  300  Colonial  Cntr. 
Pkwy.  #150,  Roswell,  GA  30076. 


Seeking  DBAs  &  Oracle 
DBAs  (S70-75K),  Oracle 
ProC  Developers  & 
Systems  Analysts  ($83- 
85K)  for  various  US  loca¬ 
tions.  BS/BA  in  relevant 
field  +  2yrs  exp.  Resume  to 
Upp  Business  Systems, 
3075  Highland  Parkway, 
Downers  Grove,  IL  60515. 


Programmers  to  design  software 
appls  using  RDBMS,  Oracle 
Databases,  lnformix-4GL,  Infor¬ 
mix  Online,  SQL  Server,  VB, 
Power  Builder,  etc.  under  UNIX 
OSs;  program,  test  and  debug 
user  interfaces  and  supporting 
database  objects;  analyze,  re¬ 
view,  and  rewrite  programs  to 
increase  operating  efficiency 
and  adapt  program  to  new  reqs. 
Require  candidates  with  BS  or 
foreign  equiv.  in  CS/Engg.  (any 
branch)  &  1  yr  exp.  in  IT.  Com¬ 
petitive  salary,  F/T,  travel  in¬ 
volved.  Resume  to  HR, 
Ordusion  Technologies,  Inc., 
3883  Rogers  Bridge  Road,  Suite 
504,  Duluth,  GA. 


Website  Designer 

Design  websites  in  French, 
French/Japanese,  and  English 
Japanese  using  HTML,  Adobe 
Photoshop,  Adobe  Illustrator, 
Macromedia  Fireworks,  Mac¬ 
romedia  Dreamweaver,  Mac¬ 
romedia  Flash,  QuarkExpress, 
Microsoft  Word,  Microsoft  Ex¬ 
cel,  Microsoft  PowerPoint,  PC 
and  Mac  platforms.  Min:  BA  in 
French  or  Japanese.  40  hr/M- 
F.  Send  resume:  Symbiosis 
Systems,  Inc,  7094  Peach¬ 
tree  Ind.  Blvd.,  Suite  370, 
Norcross,  GA  30071-1024. 


www.itcareers.com 


is  the  place  where 
your  fellow  readers 
are  getting  a  jump  on 
even  more  of  the 
world's  best  jobs. 

Now  combined  with 
CareerJournal.com, 
you  have  more  jobs 
to  choose  from. 


Stop  in  for  a  visit 
and 

see  for  yourself  at: 


www.itcareers.com 
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Prog/Analysts  to  analyze,  de¬ 
sign,  develop  and  implement 
client  server,  web  appls  using  C, 
C++,  Java,  Swing,  XML,  HTML, 
JDBC.  HTML,  JavaScript  JSP, 
ASP,  EJB.  J2EE,  Oracle,  PL/ 
SQL,  Websphere,  Weblogic  un¬ 
der  UNIX/Windows  OS;  docu¬ 
mentation  program  develop¬ 
ment  logic,  coding  and  correc¬ 
tions;  provide  customer  support 
and  troubleshoot  Require:  BS 
or  foreign  equiv.  in  CS/Engg. 
(any  branch)  with  2  yrs  of  exp.  in 
IT.  Travel  Involved.  Comp. 
Salary.  F/T.  Resumes  to:  HR, 
Synergy  America,  Inc.,  6340 
Sugadoaf  Parkway,  Ste  140, 
Duluth,  GA  30097. 


PROGRAMMER  ANALYSTS 
for  Casper,  WY  office.  Design 
&  Develop  software  applica¬ 
tions  using  C++,  Oracle, 
Sybase,  XML,  UML,  Coolgen, 
Interwoven,  ClearCase,  Clear- 
Quest,  Plumtree,  PVCS,  UNIX. 
Bachelors  or  Equivalent  req'd 
in  Computers.  Engineering, 
Math  or  related  field  of  study 
+1  yrs  of  related  exp.  40 
hrs/wk.  Must  have  legal 
authority  to  work  permanently 
in  the  U.S.  Contact  HR 
Manager,  Allied  Business 
Consulting,  Inc.,  2906  Merry 
Wood  Drive,  Edison,  NJ-08817 


COMPUTERS  -  Sr.  Software 
Consultants  needed.  Seeking 
qual.  cand.  possessing  MS/BS 
or  equiv.  and/or  rel.  work  exp. 
Part  of  the  exp.  must  include  2 
yrs.  working  with  network 
administration  &  1  yr.  working 
with  Unix  system  administration, 
Visual  Basic  &  ASP.  (Exp.  can 
be  simultaneous).  Duties  in¬ 
clude:  Design,  develop  &  imple¬ 
ment  IBM  Websphere  software 
products  &  systems;  Work  with 
Visual  Basic.  ASP,  Javascript, 
HTML,  MQ  Series  &  NetData. 
Fwd.  resume  &  ref.  to:  e- 
Emphasys  Tech.,  Attn:  HR,  219 
E.  Chatham  St,  #102,  Cary,  NC 
27511. 


Programmer  Analyst  w/exp 
in  client-server  application 
using  Java,  Oracle,  Oracle 
forms/reports,  VC++,  Visual 
Basic  &  DAO.  Create 
Reports  w/Crystal  Reports. 
Use  ASP,  Peri,  Visual  Basic 
Script,  Java  Script  &  HTML. 
Mail  Resume  to:  Summit 
Medical  Clinic,  PC.,  1605 
North  Union  Blvd.,  Suite 
#200,  Colorado  Springs, 
CO  80909. 


Programmer  Analyst  III.  Pro¬ 
vide  programming  support  for 
mutual  funds,  annuities,  retire¬ 
ment  plans  and  commission 
tracking/payment  systems  in¬ 
cluding  full  life-cycle  application 
support,  analysis,  design,  de¬ 
velopment,  system  modifica¬ 
tion,  testing,  set-up,  reporting 
and  creation  of  documentation. 
Develop  Microsoft  client  server 
and  web  development  solu¬ 
tions  for  company's  customers. 
Must  have  Bachelor’s  in  Comp. 
Sd„  Engg.  or  related,  1  yr. 
exp.,  and  knowledge  of 
NaviSys  LifeCAD/MP  (Home 
Office),  Microsoft  SQL  Server 
2000  and  XSLT.  Send  resume 
to:  Connie  Reynolds,  Human 
Resources,  Security  Benefit 
Life  Insurance  Co.,  One 
Security  Benefit  Place,  Topeka, 
KS  66636. 


Prog/Analysts  to  analyze,  de¬ 
sign,  test  client  server/web  appls 
with  OOAD  methodologies  using 
Java,  VB,  EJB.  Sen/lets,  JScript, 
XML,  HTML,  Oracle,  SQL, 
JDBC,  Access,  Weblogic,  etc  in 
Windows  OS;  analyze  business 
processes,  determine  reqs,  gen¬ 
erate  reports;  perform  onsite/off¬ 
site  maintenance;  document, 
debug,  test,  perform  code  opti¬ 
mization.  Require:  BS  or  foreign 
equiv.  in  CS/Engg  (any  branch) 
&  2yrs  exp.  in  IT.  Competitive 
salary.  Travel  involved.  F/T.  Res¬ 
ume  to:  HR,  Bahwan  Cybertek 
Technologies,  Inc.,  209  West 
Central  Street,  Ste  312,  Natick, 
MA  01760. 


Software  Engineer  wanted 
to  design,  develop,  modify 
and  maintain  e-procure- 
ment  solutions,  and  perform 
related  duties.  Master  in 
Computer  Science  and 
experience  required.  Send 
resume  to  ICS,  P.O.  Box 
3298,  Johnson  City,  TN 
37602. 


Simplex  Info  Systems  is  an 
Information  Technology  Consult¬ 
ing  Company.  Our  company  cur¬ 
rently  has  opening  for  the  follow¬ 
ing: 

Senior  System  Analysts:  An¬ 
alyze,  design,  develop,  test, 
implement,  maintain  and  sup¬ 
port  application  software  using 
COBOL,  PL/1,  MQ  Series,  IMS 
DB/DC,  J2EE,  SAS.  Requires 
Bachelors  in  Computer  Science/ 
Engineering  or  Related  and  2 
years  experience. 

Send  resume  to:  HR  Manager, 
Simplex  Info  Systems,  Inc.  76 
Northeastern  Blvd.,  Suite  32C 
Nashua,  NH  03062,  or  email  to: 
resumes@simplexinfo.com 


Research  &  Applications  Spec¬ 
ialist  -  Dvlp  large  complex  em¬ 
bedded  real-time  systems  & 
commercial  enterprise  systems. 
Plan  &  direct  dvlpmt,  installation, 
maintenance  &  modification  of 
mission-critical  applies  on  large 
multi-user  systems.  Lead  &  pro¬ 
vide  research  &  engg  direction. 
MS  +  5  yrs  or  PhD  +  2  yrs  exp 
reqd.  Must  have  1  yr  exp  in  C,  in 
C++  &  Java,  6  mos  w/SAGE 
Integration  technologies,  1  yr  in 
DSP  using  VxWorte,  1  yr  in 
enterprise  architectures,  1  yr 
w/source  control  dvlpmt  tools,  & 
6  mos  in  dvlpg  algorithms  spe¬ 
cific  to  resource  optimization 
techniques. 

Software  Architect  -  Research, 
dsgn,  dvlp  S  test  operating  sys- 
tems-level  s/ware,  compilers  & 
n/work  distribution  s/ware  for 
embedded  real-time  &  enter¬ 
prise  applies.  MS  +  3  yrs,  BS  +  6 
yrs  or  PhD  +  1  yr  exp  reqd. 
Must  have  1  yr  exp  w/each  of 
SAGE  Integration  &  SPI  tech¬ 
nologies;  2  yrs  combined  exp 
w/embedded  systems  dvlpmt 
methodologies  &  real-time  oper¬ 
ating  systems  frameworks  incl. 
VxWorks,  PSOS. 

Competitive  Salary  &  benefits. 
Apply  to:  Human  Resources, 
Tandel  Systems  LLC,  12401 
62nd  Street  North,  Unit  201, 
Largo,  FL  33773-3786. 


IndusValley  Consultants,  Inc.,  is 
a  global  IT  systems  integration 
and  solutions  firm  has  openings 
for  the  following:  Software  En¬ 
gineers:  Research,  Architect, 
Integrate  distributed  applications 
utilizing  various  software's  such 
as  SAP  R/3,  Clarify,  Siebel,  Or¬ 
acle  Apps,  Visual  Basic,  Java. 
Tibco.  Provide  leadership  to 
complete  design  solutions,  write 
code,  perform  testing,  provide 
documentation,  and  implement 
development  projects.  Need 
Master's  Degree  in  Computer 
Science  or  related  and  2  years 
of  experience.  Programmer  Ana¬ 
lysts:  Plan,  test  and  develop 
web  applications  for  ERP  and, 
CRM  packages.  Design  and 
develop  client-server  applica¬ 
tions  using  Java,  ASP,  VB,  C, 
Clarify,  Siebel  and  AutoCAD- 
2002.  Interact  with  clients  to 
design  the  functions  of  software 
according  to  client  specifica¬ 
tions.  Need  Bachelor's  Degree 
in  Computer  Science  or  related 
and  2  years  of  experience.  Send 
resume:  HR  Manager  401  E. 
8th  SL,  Ste.  #  200Y,  Sioux  Falls, 
SD  57103.  E-mail:  sam@lndus 
valley.com  fax:  800-440-1907. 


Sr  Systems  Analysts  to  manage 
projects  to  design,  develop, 
test,  implement,  maintain  and 
support  business  appls  using 
Oracle  Financial  and  Manuf 
appls,  Oracle,  SQL,  Dev  2000 
in  Windows/UNIX  envir;  plan, 
direct,  coordinate  activities  of 
projects  on-time  and  on-budget; 
analyze  business  reqs  of  clients 
and  re-engineer  business 
appls.  Require:  Master’s  in 
CS/Business  and  1  yr  exp  in  IT. 
Travel  involved.  F/T  position. 
Competitive  salary.  Resume  to: 
HR,  Quest  America,  Inc.,  211 
East  Ontario  Street.  Suite  1800, 
Chicago,  IL  60611. 


PROGRAMMER/ANALYST  to 
analyze,  design,  develop  and 
implement  digital  imaging  appli¬ 
cation  software  for  medical 
imaging  devices  using  C,  C++, 
VC++,  MFC,  XML,  COM, 
JavaScript  and  HTML  on 
Windows  2000  platform; 
Implement  an  embedded  mod¬ 
ule  in  Tornado  and  IxWorks  for 
calibration  of  hardware  to 
acquire  cardiac  and  RF  images 
using  COM,  HTML  and 
JavaScript;  Develop  detailed 
design  documents  and  technical 
specifications  as  part  of  DCP 
process  during  product  devel¬ 
opment.  Require:  B.S.  degree  in 
Computer  Science/Engineering, 
or  a  closely  related  field  with  2 
yrs  of  exp  in  the  job  offered;  A 
M.S.  degree  with  a  demonstrat¬ 
ed  ability  to  perform  the  stated 
duties  gained  through  academ¬ 
ic  coursework/previous  work 
experience  will  be  accepted  in 
lieu  of  the  B.S.  degree  and  2  yrs 
of  exp.  Competitive  salary 
offered.  Send  resume  to:  Amy 
Ryan,  Infimed,  Inc.  121 
Metropolitan  Drive,  Liverpool, 
NY  13088;  Attn:  JobAP. 


SYNAPSE  GROUP.  INC.,  a 
leading  computerized  magazine 
marketing  company,  is  looking  to 
hire  a  qualified  Database 
Administrator  to  set-up  and 
maintain  the  internal  data  ware¬ 
house  database  and  the  related 
IIS  site  functionality;  to  integrate 
the  database/content  serving 
modules  in  both  SQL  Server  and 
Oracle  environments;  and  to 
develop  internet  applications  for 
the  quality  control  and  manage¬ 
ment  of  document  and  market¬ 
ing  accounts.  Qualified  appli¬ 
cants  are  required  to  possess  at 
least  a  Bachelors  degree  in 
Engineering,  Computer  Science 
or  it's  equivalenL  Sound  knowl¬ 
edge  in  internet  applications, 
Java/Java  Servlets,  HTML, 
SQL,  Unix  and  ORACLE  pre¬ 
ferred.  The  company  offers  a 
competitive  compensation/ben¬ 
efit  package  and  an  environment 
where  achievements  are  recog¬ 
nized  &  professional  growth  is 
encouraged.  Qualified  appli¬ 
cants  are  encouraged  to  mail 
resumes  to:  HR  DepL,  Synapse 
Group,  Inc.,  Four  High  Ridge 
Park,  Stamford,  CT  06905. 


Premier  Technologies,  Inc.,  is 
one  of  the  IT  Industry's  fastest 
growing  leaders.  We  provide 
world-class  services  in  the  area 
of  web-based  applications.  We 
are  looking  for  the  following: 

Programmer  Analysts:  Design 
and  develop  in  PeopleSoft  8.x 
HRMS  including  PeopleTools, 
App  Engine,  Component  Inter¬ 
faces,  workflow,  security,  sqrs. 
DB2,  SQL  Server,  Oracle,  UNIX 
and  NT.  Develop  programs  us¬ 
ing  Java,  ASP,  XML,  JavaScript, 
VB  Script  and  Plumtree  portal. 
Requires  a  Bachelor’s  in  Com¬ 
puter  Science  or  related  field 
and  2  years  of  experience. 

Send  Resume  to:  Premier 
Technologies,  Inc.  12808  West 
Airport  Blvd.  Suite  #230  Sugar 
Land.  TX  77478.  E-mail: 
info@premiema.com 


Software  Engineer/ 
Programmer  Analyst/ 
Systems  Analyst/ 
Database  Administrator 
(Multiple  Openings) 

Must  have  bachelors  degree  or 
equivalent  and  experience  in 
some  of  the  following  skills:  ERP 
(SAP,  PeopleSoft,  Oracle  Apps, 
Baan),  CRM  (Seibel,  Clarify, 
Vanfive),  C/C++,  Java,  Microsoft 
Technologies  (Visual  Basic, 
.Neb  ASP),  Data  Warehousing 
Tools  (Informatica.  Data  Stage. 
Abinitio,  Business  Objects,  Cog- 
nos,  Micro  Strategy,  Brio,  SAS), 
Mainframe  (Cobol,  CICS,  JCL, 
VSAM)  AS400,  Databases  (SQL 
Server  /Oracle  /DB2  /  Sybase), 
and  QA  (Win  Runner,  Load  Run¬ 
ner,  Silk)  in  Windows  (95/98/ 
2000/NT/XP)  and/or  UNIX  (Sun 
Solaris/HP/AlX)  and/or  Linux  op¬ 
erating  systems.  Must  be  able  to 
travel  or  relocate  nationwide. 
Attractive  compensation  pack¬ 
age.  Mail  resume  to:  resumesiBi 
isrinfo.com  Or  Human  Resourc¬ 
es  Director,  ISR  Info  Way,  Inc., 
559  D’Onofrio  Drive,  Suite  101, 
Madison,  Wl  53719.  Only 
email/mailed  resumes  accepted 
(No  Walk  Ins). 


User  Support  AnalysL  Aurora, 
CO.  BS  Engineering,  Comp. 
Sci.,  CIS  or  equiv.+  1  yr  exp.  in 
the  job  M-F  /  8  am  -  5  pm 
$41 ,850  per  yr.  Solve  tech  prob¬ 
lems  &  monitor  ntwrk  equipt. 
Maintain  LAN/WAN  security  for 
internal  &  external  users  Utilize 
in  depth  knowledge  of  trou¬ 
bleshooting  procedures,  routers 
&  routing  protocols.  Use  LAN/ 
WAN  protocols,  ntwrk  cabling, 
(RG  58,  CAT5  &  Fiber  Optic),  & 
existing  security  features.  Co¬ 
ordinate,  requisition  &  doc.  inte¬ 
gration  of  fast  connectivity 
issues  involving  LAN/WAN  & 
RAS  connections.  Utilize  server 
architecture  &  all  RAID  func¬ 
tions.  Implement  system  backup 
&  recovery  according  to  specific 
hdware/sftware.  Resolve  web 
server  probs.  Use  built  in  func¬ 
tions  of  Windows/Unix  systems 
&  architecture.  Must  have  work 
authority.  Resumes  to:  PO  Box 
46547,  Denver,  Co.  80202. 
Refer  to  order  #:  CO5065919. 


SOFTWARE  ENGINEER  to 
design,  develop  and  maintain 
application  software,  LAN  proto¬ 
cols  and  Layer  2&3  features  for 
switches  using  C  on  UNIX  plat¬ 
form;  Perform  hardware  func¬ 
tional  verification  and  software 
testing  using  GDB,  Forth  debug¬ 
ger,  IXIA,  Pagent  and  SmartBits; 
Develop  functional  and  design 
specifications.  Require:  M  S. 
degree  in  Computer  Science/ 
Engineering,  or  a  closely  related 
field  with  two  years  of  experi¬ 
ence  in  the  job  offered  or  as  a 
Programmer/  Analyst.  Extensive 
travel  on  assignment  to  various 
client  sites  within  the  U.S.  is 
required.  Competitive  salary 
offered.  Apply  by  resume  to: 
Rajender  Gaddam,  Orpine 
Enterprises,  LLC,  1004  Crooked 
Creek  Court,  Mableton,  GA 
30126;  Attn:  Job  SP. 


KMI,  a  division  of  PAREXEL,  is 
looking  for  an  IS  Consultant, 
Validation  for  its  RTP  office  at 
2520  Meridian  Parkway.  Suite 
200,  Durham,  NC.  Position  will 
provide  broad  range  of  consult 
ing  services  for  IS  &  FT  project 
implementation  and  provide 
consulting  on  appropriate  equips 
ment  vafidalion  strategies,  test¬ 
ing  documentation,  and  SDLC- 
related  documents.  Must  have 
Bachelor's  or  equiv  in  Computer 
Science,  Elect  Engg  or  related  + 
6  yrs  w/  SDLC,  project  manage- 
merrt,  &  software  quality  assur¬ 
ance  &  implementation.  W/in  6 
yrs,  must  have  1  yr  w/Oracle, 
PL/SQL,  SAS  programming,  val¬ 
idation,  Oracle  clinical  based 
research  data  management,  and 
SAS  based  statistical  reporting 
systems  in  a  clinical  field.  Send 
resume  to  HR  -  Job  #102NI, 
KMI/PAREXEL,  195  West 
StreeL  Waltham,  MA  02451  or 
HR@parexel.com. 


Manager  of  Client  Services 
The  position  of  Technical 
Manager  requires  the  incumbent 
to  manage  the  staff,  including 
supervisors,  leads  and  associ¬ 
ates.  They  are  responsible  for 
hiring,  performance  appraisals, 
salary  management,  termination 
decisions,  discipline,  counsel¬ 
ing,  training  and  motivating.  In 
addition,  the  Technical  Manager 
will  review  subordinates  perfor¬ 
mance  and  skills  and  recom¬ 
mends  appropriate  training. 
They  are  further  responsible  for 
ensuring  department  resources 
(i.e.  capital  and  staff)  needs  are 
brought  to  the  attention  of  the 
next  level  of  management. 
Must  have  Bachelors  Degree  in 
CS  or  foreign  equivalent  w/abili- 
ty  to  use:  UNIX  and  Progress 
and  the  ability  to  manage  and 
organize  IT  professionals.  40.0 
hrs./wk  9:00  AM  -  6:00  PM  Send 
cover  letter  and  resume  to: 
McCamish  Systems,  LLC,  6425 
Powers  Ferry  Road,  3rd  Floor, 
Atlanta,  GA  30339,  Attn:  Donna 
Pertmutter. 


Seeking  qualified  applicants  for 
the  following  positions  in  Or¬ 
lando,  FL:  Senior  Programmer 
Analyst.  Devise  or  modify  pro¬ 
cedures  or  perform  systems/ 
applications  testing  to  solve 
complex  problems  considering 
computer  equipment  capacity, 
limitations,  operating  time  and 
form  of  desired  results.  Re¬ 
quirements:  Bachelor's  degree* 
in  computer  science,  MIS,  engi¬ 
neering  or  related  field  plus  5 
years  of  experience  in  sys¬ 
tems/applications  development 
and/or  testing.  Experience  with 
Unix  and  SQL  also  required. 
"Master's  degree  in  appropriate 
field  will  offset  2  years  of  gener¬ 
al  experience.  Submit  resumes 
to  Sibi  George,  FedEx  Corpor¬ 
ate  Services.  1900  Summit  Tow¬ 
er  Blvd.,  Suite  1400,  Orlando, 
FL  32810.  EOE  M/F/D/V. 


IT  Education  &  Training 

Contact  the  companies  listed  below 
to  help  you  with  your  training  needs! 


I  ,?-?  iPexpert,  Inc.  ■CBT Nuggets 

,^1  (866)225-8064  ■  (888)  507-6283  &  (541 )  284-5522 

?£  £  '  \,\  1  4$  *  *£  www.ipexpert.com  www.cbtnuggets.com 

fter  *  ft  •  ;|  +1*31  CCIE  (R&S,  SEC,  and  C&S),  CCSP,  Affordable  training  videos  on  CD 

*1?  *  ‘  r  *  ijf  CCNP,  CCNA,  IP  Telephony  MCSE,  MCDBA,  MCSD,  CCNA, 

A  £  f  M&at  ^  ^  -aft  %#>  jjfll  Citrix,  Linux,  A+,  Net  + 


Transcender 

(615)  726-8779 
www.transcender.com 
Award-winning  practice  exams 
for  IT  certification 


Directory 

To  place  your  ad  please  call  800-762-2977 
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SUMMIT 


HR  Summit  2004 

Hyatt  Regency  Chesapeake  Bay  Golf  Resort  &  Spa  ]  Cambridge,  MD 
February  22-24,  2004 

’’you  ean  design  and  create, 

and  build  Ihc  most  wonderful  place  - 


“  In  order  to  maintain  a  »-%.  I  <T\ 

in  the  world,  ©ut  it  requires  PCOPlC 

iiisS  to  make  It  a  reality* 

and  new  solutions. 


to  make  It  a  reality.' 


Walt  ©isncy 


Come  and  see  Keynote  Presenters  Cheryl  Moore,  VP, 
Organization  Development  and  Training,  WellPoint 
Health  Networks  and  Philip  Harlow,  Chief  Diversity 
and  Employee  Advocacy  Officer,  Xerox  Corporation 
at  the  2004  HR  Summit. 


Staff  Software  Engineer 

Pitney  Bowes  Inc.  has  an  open¬ 
ing  in  its  Danbury.  Connecticut 
office  for  a  Staff  Software 
Engineer. 

Design,  develop,  maintain  and 
support  an  Automated  Doc¬ 
ument  Factory  Application  in 
J2EE  Architecture  using:  Java. 
JSP,  Servelets,  JRun,  Webtogic. 
IPIanet  Servers,  Orade  8L/9i 
Database  and  Windows  NT 
2000 ^98  OS.  Responsible  for 
Realtime  Data  Collection  and 
interfacing  with  Control  Systems 
using  Sockets,  TCP/IP  and 
XML.  Supports  the  software 
applications  and  modules. 

Must  possess  at  least  a  bache¬ 
lor's  degree  or  its  equivalent  in 
Computer  Science  or  a  related 
field  and  three  years  of  work 
experience  as  a  Programmer. 
Experience  must  indude  at  least 
three  years  of  experience  with 
Java,  Java  Server  Pages, 
Servelets,  at  least  two  years  of 
experience  with  Realtime  Data 
Collection,  data  Consolidation 
across  Enterprises  using 
Sockets,  TCP/IP,  XML.  JRUN. 
Weblogic.  IPIanet  Servers. 
Orade  8i/9i  database  and 
Windows  NT/2000. 

Resume  and/or  cover  letter 
must  reflect  each  requirement 
above  and  specify  reference 
code  SSE'SK  or  it  will  be  reject¬ 
ed. 

Forward  resume  to  Robbin  Drew 
Elliott,  Pitney  Bowes  Inc.,  One 
Elmcroft  Road.  Stamford.  CT 
06926-0700. 


Find  out  more  about  attending  TODAY! 

Visit  www.humanresourcessummit.com 


T.  Junkxs.  Inc.  has  openings  for 
Network  Administrators  in  NY  8 
NJ.  Reqs.  ind  at  least  2  yrs.  &  6 
mos  exp.  in  network  systems 
admin.  EDI  8  prgmg.  Analyze, 
dsgn,  dvlp,  test,  integrate, 
admin,  customize  8  maintain 
network  systms  &  infrastructure 
using  TCP/IP.  DNS,  WINS,  Unix. 
C++.  FTP,  ANSI  XI 2.  Exchange 
Server.  Must  have  legal  authori¬ 
ty  to  work  in  US.  Excellent  pay  & 
benefits.  Fax  resume  w/proof  of 
work  status  to:  212-695-8958 


Infobase,  Inc.  is  hiring 
Software  Engineers.  Duties 
include/not  limited  to  analy¬ 
sis/design/develop/imple¬ 
ment/test  s/w  applications. 
Min  req:  Bach  deg  or  equiv 
in  CS/EE/Eng/  Electr  & 
Comm/related  and  5  yrs 
exp.  Send  resume  to  39560 
Stevenson  Place,  Suite 
220,  Fremont,  CA  94539 
May  be  placed  at  client 
sites  nationwide. 


summits 


A  34  year  record  of  quality  peo¬ 
ple  like  you.  We  know  you're  in 
demand.  So  demand  the  best 
environment  for  your  growth:  IT 
consulting  with  an  international 
leader  We're  everywhere  busi¬ 
ness  and  industry  are,  with 
offices  all  over  the  country.  So 
you've  always  got  a  new  set  of 
challenges,  with  total  support. 
We're  currently  recruiting  the  fol¬ 
lowing  professionals,  induding 
Programmers,  Analyst/Progra¬ 
mmers;  Database  Analysts; 
Application  Development  Spe¬ 
cialists;  Software  Engineers; 
Quality  Assurance  Analyst: 
Network  Administrators;  Oper¬ 
ations  Specialists;  and  Infor¬ 
mation  Systems  Coordinators. 

Find  out  more  about  the  rewards 
of  working  with  AJILON.  To 
apply  for  positions  in  any  of  our 
district  offices,  please  visit  our 
website  at  www.ajilon.com. 

AJILON  CONSULTING 

An  Equal  Opportunity  Employer 


COMSYS  is  an  established  IT 
consulting  firm  that  serves  lead¬ 
ing  corporations  induding  1 74  of 
the  Fortune  500.  With  COM¬ 
SYS,  you  get:  Extensive  Ben¬ 
efits,  Additional  Compensation 
for  referrals,  and  Professional 
Challenges  with  training  and 
assignments  to  keep  you  al  the 
forefront  of  technology.  With  28 
offices,  we  need  the  services  of 
experienced  consultants  across 
the  US: 

•  Computer  Programmers 
-  Programmer  Analysts 

•  Systems  Analyst 

•  Software  Engineers 

■  User  Support  Spedalists 
•DBA's 

•  Business  Analysts 

•  Project  Leaders 

Submit  resume  to: 
COMSYS 

3030  LBJ  Freeway 
Suite  905 
Dallas,  TX  75234 
www.comsys.com 
Fax:  972-9604)914 
EOE/M/F/DV 


SENIOR  SOFTWARE  ENGIN¬ 
EER  to  design,  develop,  imple¬ 
ment  and  maintain  web-based 
application  software  in  a  dient/ 
server  environment  using  object 
-oriented  methodologies.  C++, 
Java,  Java  RMI,  J2EE,  CORBA. 
WebLogic,  UML,  Oracle  and 
TCP/IP  under  Linux,  SUN  Sol¬ 
ans  and  Windows  operating  sys¬ 
tems.  Require:  M.S.  degree  in 
Computer  Sdence/Engineering, 
or  a  dosely  related  field  with  2 
yrs  of  exp.  in  the  job  offered; 
Experience  gained  before  or 
after  earning  the  M.S.  degree 
will  be  accepted.  Expensive  trav¬ 
el  on  assignment  to  various 
dient  sites  within  the  U.S.  is 
required.  Competitive  salary 
offered.  Apply  by  resume  to 
Debra  VanderMeer,  Chutney 
Technologies,  Inc.,  11  Piedmont 
Center,  3495  Piedmont  Rd,  Ste 
289,  Atlanta,  GA  30305;  Attn: 
Job  RC. 


Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications: 
analyze  software  requirements 
to  determine  feasibility  of  de¬ 
sign;  direct  software  system 
testing  procedures  using  exper¬ 
tise  in  UML,  VS.NeL  ASP.Net. 
ADO,  C#,  SQL  Server  and  OOP. 
Requirements:  Bachelor’s  De¬ 
gree,  educational  or  functional 
equivalent  in  Computer  Science 
or  related  field  and  two  years 
experience  as  a  software  engi¬ 
neer  or  computer  programmer, 
knowledge  of  UML.  VS.Net, 
ASP.Net,  ADO,  C#,  SQL  Server 
and  OOP.  Salary:  $70, 242/year. 
Working  Conditions:  8:00  A.M. 
to  5:00  P.M.,  40  hours/week,  in¬ 
volves  extensive  travel  and  fre¬ 
quent  relocation.  Apply:  BECS/ 
CareerLink  Program  Supervisor. 
Indiana  County  CareerLink,  300 
Indian  Springs  Road.  Indiana. 
PA  15701,  Job  No.  WEB385479. 


Better  address?  Better  compensation?  Better  training 
Better  net  in  here! 

C* 

www.ircareers.co  m 

Now  powered  hv  CareerJournal.com 


System  &  Programming  Analyst. 
Work  Sched  8:00AM-5:00PM  40 
hrs/wk.  S61. 848.80  P/A.  Devel¬ 
op.  test  &  debug  software  apple 
cations  using  Rapid  Application 
Development  tool  Develop  Gra¬ 
phical  User  Interface  using  Visu¬ 
al  Basic  6.0  programming  lan¬ 
guage.  &  MS/WINDOWS  API. 
Design  multi-tier  client-server 
networking  applications  using 
software  applications  induding 
Visual  Basic.  MS  Transaction 
Server,  SQL  Server  Database. 
Progress  Database.  8  Embarca- 
dero  DBArbsan  5.03  tool,  imple¬ 
menting  system  design  with 
Windows  Registry  &  Microsoft 
COM/DCOM  concept  Maintain 
software  applications  that  sup¬ 
port  the  finance  operation  to 
process  applicants'  information, 
retrieve  dients'  financial  back¬ 
ground  from  credit  bureaus  to 
determine  credit  worthiness  of 
the  dient  Analyze  8  redevelop 
legacy  8  ineffident  existing  deal¬ 
er  systems  to  improve  perfor¬ 
mance.  Assist  in  data  migration 
into  the  prodoction  environment 
Work  in  UNIX  &  MS-WINDOWS' 
NT  computing  environment. 
Bachelor.  Any  Information  Sys¬ 
tem  major.  2  mths  exp.  in  Job  or 
Related  Occupation  of  System 
&  or  Programming  Analyst  2 
mths.  of  Related  Occupation 
exp.  must  indude  design  of 
moiti-tier  dient-server  network¬ 
ing  applications  using  Visual 
Basic  &  MS  Transaction  Server 
applications,  Embarcadero  DB- 
Artisan  tool,  implementing  sys¬ 
tem  design  with  Windows  Regis¬ 
try  8  Microsoft  COM/DCOM 
concept  which  may  be  concur¬ 
rent  with  Related  Occupation 
exp.  Employer  Paid  Ad  Send 
resume  to  MDCD.  PO  Box 
11170.  Detroit  Ml  48202. 
Ref.#21 2074. 


Consultanl'Software  Engineer. 
Design,  develop,  implement  8 
test  software  applications  for 
business  processes.  Require¬ 
ment  analysis.  Tools:  Java; 
JSP;  Visual  Age:  UML: 
Websphere  Application  Deve¬ 
loper  (WSAD).  Bachelor's  in 
Comp.  Sd.  or  Eng  *  +  6  mo.  exp 
in  job  offered  or  as  Programmer 
or  Software  Developer  req'd. 
('Bachelor  s  degree  in  any  eng. 
field  also  acceptable).  Previous 
experience  must  indude:  Java: 
Visual  Age;  UML.  40  hrs/wk. 
$52,000/yr.  Must  have  proof  of 
legal  authority  to  work  in  the  US. 
Send  your  resume  to  the  Iowa 
Workforce  Center.  215  Watson 
Powell  Jr.  Way,  Des  Moines,  IA 
50309.  Please  refer  to  Job 
Order  IA1101844.  Employer  pd 
ad. 


Responsibilities  indude  con¬ 
ducting  systems  analysis,  de¬ 
sign  and  maintenance,  which 
supports  the  business  and  I/S 
applications  Partidpates  in  sys¬ 
tem  development  and  integra¬ 
tion.  Coordinates  necessary 
system  and  software  changes. 
Consult  with  leaders  on  busi¬ 
ness  process  improvements  and 
technology  enhancements  or 
capabilities.  Mentor  I/S  staff  on 
business  process  and  technical 
architecture.  Adhere  to  system 
life  cyde  processes  and  compa¬ 
ny  standards,  induding  tools, 
processes,  netwofks,  systems 
and  infrastructure.  Demonstrate 
knowledge  of  business  and 
technical  infrastructure  in  per¬ 
forming  these  functions.  Estab¬ 
lish  and  maintain  strong  working 
relationships  with  I/S  and  the 
business  units.  Bachelor’s  de¬ 
gree  in  MIS.  Computer  Science 
or  related  field  with  a  minimum 
of  3  years  experience  in  applica¬ 
tions  development  and/or  tech¬ 
nical  business  analysis.  Must 
have  projed  management  and 
planning  skills,  as  well  as  knowl¬ 
edge  of  programming  languages 
(e  g.  C,  Ctt  PowerBuilder.  Visu¬ 
al  Basic.  Java.  COBOL,  SAS  or 
SQL):  programming  techniques 
-  structured  or  object  oriented; 
health  care,  managed  care  and 
health  insurance  infrastructure 
and  information  technology 
infrastructure.  40  hours/week. 
$50-62,000  annually. 

Must  have  proof  of  legal  author¬ 
ity  to  work  in  the  United  States. 
Send  your  resume  to  the  Iowa 
Workforce  Center.  215  Watson 
Powell  Jr.  Way.  Des  Moines, 
Iowa  50309-1727.  Please  refer 
to  Job  Order  IA1101798. 
Employer  paid  advertisement 


PROGRAMMER/ANALYST  to 
analyze,  design,  develop,  test 
implement  enhance  and  main¬ 
tain  web-based  application  soft¬ 
ware  using  Orade  Forms/Re- 
ports,  PL/SQL.  PowerBuilder, 
Visual  Basic,  Crystal  Reports, 
SQL  Server  and  Orade  Reports 
Server  under  Windows  2000/NT 
and  UNIX  operating  systems. 
Require:  B.S.  degree  in  Com¬ 
puter  Sdence.  Info.  Technology, 
or  a  dosely  related  field  with  2 
yrs  of  exp  in  the  job  offered  or  as 
a  Systems  Analyst  Extensive 
travel  on  assignment  to  various 
dient  sites  within  the  US  is 
required.  Competitive  salary 
offered.  Send  resume  to:  John 
Watson,  Venturi  Partners,  Inc., 
9428  Baymeadows  Rd,  Ste  500, 
Jacksonville.  FL  32256;  Attn: 
Job  TT. 


A  Call  To  Action! 

We  can  place  your 
message  in  front  of  2/3  of 
all  US  IT  professionals. 

Call  (800)762-2977 
www.itcareers.com 
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Oracle 

on  integration  to  recover  mar¬ 
ket  share,  claiming  that  it’s 
about  even  on  sales  with  Peo- 
pleSoft.  “We’re  not  giving  up 
on  what  we  were  saying  be¬ 
fore,”  he  said  during  a  press 
briefing.  “[But]  not  everyone 
in  the  world  wanted  to  go  that 
way.  We’ve  got  our  fair  share 
of  wins.  Now  we  live  in  a  het¬ 
erogeneous  world.” 

Basheer  Khan,  a  member  of 
the  independent  Oracle  Appli¬ 
cations  Users  Group  and  se¬ 
nior  director  of  the  Oracle 
practice  at  consulting  firm 
Vertex  Systems  Inc.,  said  the 
integration  hooks  that  Oracle 
is  adding  to  its  applications 
represent  a  big  step  forward. 

“In  the  past,  they’ve  been 
going  after  customers  to  sell 
them  the  whole  E-Business 
Suite,  but  they’ve  realized 
some  customers  have  invested 
a  lot  of  money  in  other  tech¬ 
nology,”  Khan  said.  Los  Ange¬ 
les-based  Vertex  itself  plans  to 
install  Oracle’s  financial  appli¬ 
cations  later  this  year  to  re¬ 


place  homegrown  software. 

Making  integration  easier 
by  providing  built-in  hooks  to 
other  applications  offers  obvi¬ 
ous  benefits  to  users,  said 
John  Graff,  vice  president  of 
marketing  at  National  Instru¬ 
ments  Corp.  in  Austin.  “Look¬ 
ing  at  it  at  the  out¬ 
set,  it  seems  to 
make  sense  for  Or¬ 
acle  to  do  this,” 

Graff  said.  National 
Instruments  runs 
the  marketing  and 
telesales  modules 
in  lli,  plus  other 
Oracle  applications. 

Oracle,  which  is  still  trying 
to  buy  PeopleSoft  via  a  hostile 
takeover  bid,  has  seen  the  in¬ 
tegration  light  relatively  late 
compared  with  some  of  its  top 
business  application  rivals. 
Market  leader  SAP  AG  has 
vigorously  promoted  its  Net- 
Weaver  middleware  technol¬ 
ogy  for  the  past  two  years, 
and  PeopleSoft  last  May  an¬ 
nounced  a  plan  to  build  con¬ 
nectors  into  its  applications. 
CRM  vendor  Siebel  Systems 
Inc.  has  made  a  big  integration 
push  with  its  Universal  Ap¬ 


plication  Network  tools. 

Chuck  Phillips,  one  of  Ora¬ 
cle’s  two  presidents,  told  re¬ 
porters  the  company  already 
offers  integration  technology 
for  lli  “but  didn’t  package  it  as 
much  as  we  could  have.” 

That’s  due  to  change  with 
Version  lli.10  of 
E-Business  Suite. 
Oracle  said  the  up¬ 
grade  will  make 
hundreds  of  inte¬ 
gration  hooks 
available  as  Web 
services,  provide  a 
repository  of  its 
application  programming  in¬ 
terfaces  and  support  standard 
interfaces  defined  by  Open 
Applications  Group  Inc. 

The  upgrade,  which  is 
scheduled  to  ship  by  midyear, 
will  also  leverage  adapters  and 
other  integration  tools  built 
into  Oracle’s  upcoming  Appli¬ 
cation  Server  lOg  software. 

Likewise,  the  new  Customer 
Data  Hub  software  will  work 
with  the  application  server  to 
pull  information  from  pack¬ 
aged  applications  other  than 
lli.  The  hub  extends  lli’s  un¬ 
derlying  data  model  so  it  can 


DATABASE  HGHT 

Oracle  hopes  the  price  of  its 
new  10g  database  will  help  it 
take  on  Microsoft  in  the 
Windows  market: 
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support  mixed  software  instal¬ 
lations  and  ones  that  don’t  in¬ 
clude  any  of  Oracle’s  applica¬ 
tions,  company  officials  said. 

IHOP  Corp.  plans  to  go  live 
with  Customer  Data  Hub  in 
March,  said  Patrick  Piccinin- 
no,  vice  president  of  IT  at  the 
Glendale,  Calif. -based  restau¬ 
rant  franchiser.  IHOP  wants  to 
tie  together  its  systems,  which 
include  ERP  software  from 
Lawson  Software  Inc.  and  var¬ 
ious  Oracle  applications,  to 
get  better  information  about 
customer  spending  habits. 

“We  have  four  or  five  views 
of  what  the  customer  looks 
like,”  Piccininno  said.  “We’re 
trying  to  drive  to  a  single 
source  of  truth  with  this.” 

The  integration  about-face 
shows  that  Oracle  has  become 
“much  more  grounded  in  the 
reality  of  today’s  systems,” 
said  David  Dobrin,  an  analyst 
at  B2B  Analysts  Inc.  in  Cam¬ 
bridge,  Mass.  But,  he  added, 
“Oracle  is  slowly,  slowly  losing 
ground  against  its  competi¬ 
tion,  both  in  mind  share  and 
market  share,  and  it  does  not 
appear  that  the  tide  has 
turned.”  O  44431 


Oracle’s 
Integration  Plan 

E-BUSINESS  SUITE  111.10: 

*  Exposes  more  than  800 
“integration  points”  as  Web 

services  to  facilitate  links  to  other 
systems. 

■  Adds  a  repository  that  cata¬ 
logs  the  APIs  published  by  the 
company  for  the  software. 

■  Includes  native  support  for 
more  than  150  business-object 
interfaces  created  by  the  0AG. 

■  Provides  increased  support  for 

industry-specific  integration 
protocols,  such  as  RosettaNet 
and  HL7. 


CUSTOMER  DATA  HUB: 

■  Consolidates  customer  data 

from  Oracle’s  applications  and 
other  systems  into  a  single 
repository. 

■  Provides  real-time  data  ac¬ 
cess  to  information  without 
requiring  users  to  move  the  in¬ 
formation  to  a  data  warehouse. 

■  Includes  data  quality  tools 

for  use  in  developing,  formatting 
and  maintaining  customer  data¬ 
bases. 
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Emcor 

the  first  half  of  last  year  pack¬ 
aged  tools  and  Sarbanes-Oxley 
consulting  programs  that  are 
being  offered  by  the  Big  Four 
accounting  firms. 

The  cost  of  developing  the 
compliance  tracking  system 
will  be  “significantly  less” 
than  what  Emcor  would  have 
had  to  pay  for  off-the-shelf 
software,  CIO  Joseph  Puglisi 
said  last  week  at  the  compa¬ 
ny’s  headquarters  here.  Emcor 
also  won’t  have  to  add  any 
hardware,  software  or  storage 
to  support  the  compliance  sys¬ 
tem  because  it  can  piggyback 
on  an  existing  Notes  installa¬ 
tion,  Puglisi  said. 

In  addition,  the  packaged 
applications  that  Emcor  con¬ 
sidered  would  have  required 


“heavy  customization”  to  meet 
the  company’s  business  re¬ 
quirements,  said  Joseph  Cor¬ 
ns,  its  manager  of  financial 
analysis  and  leader  of  the 
Notes  project. 

Work  on  the  project  began 
last  August.  “We  didn’t  take 
any  shortcuts  by  developing 
this  system  ourselves,  but  we 
will  end  up  saving  the  compa¬ 
ny  some  money  as  a  side  ben¬ 
efit,”  Corris  noted. 

Emcor  doesn’t  have  an  in¬ 
ternal  application  develop¬ 
ment  team,  so  it  contracted 
with  Phoenix-based  Brazen 
Technology  Inc.  to  develop 
the  Notes  database  for  the 
new  system,  which  is  called 
Socrates  —  short  for  Sarb-Ox 
Compliance  Reporting  and 
Tracking  Executive  System. 

The  technology  is  designed 
to  track  the  financial  reporting 
controls  used  by  Emcor’s  85 


business  units  in  the  U.S., 
Canada  and  the  U.K.,  as  re¬ 
quired  by  Section  404  of  the 
Sarbanes-Oxley  Act.  Emcor 
currently  is  working  to  popu¬ 
late  the  Notes  database  with 
documentation  that  spells  out 
its  internal  control  procedures 
and  the  require¬ 
ments  imposed  by 
the  financial  re¬ 
porting  law. 

Puglisi  recom¬ 
mended  that  Em¬ 
cor  work  with 
Brazen,  but  he  not¬ 
ed  that  the  finance  depart¬ 
ment  has  taken  the  lead  on  the 
project.  “The  business  knew 
what  they  wanted,  and  they 
came  to  IT  for  support,”  he 
said.  “It’s  not  my  project,  but 
we  can  support  it  from  an  in¬ 
frastructure  standpoint.” 

Most  large  companies  are 
buying  Sarbanes-Oxley  com¬ 


pliance  tools,  although  some 
have  developed  their  own  sys¬ 
tems  “as  a  stopgap  measure” 
until  packaged  tools  become 
more  mature,  said  John  Van 
Decker,  an  analyst  at  Meta 
Group  Inc. 

But  Troy  Edgar,  president 
and  CEO  of 
Global  Conduc¬ 
tor  Solutions 
Group,  a  man¬ 
agement  con¬ 
sulting  firm 
based  in  Los 
Alamitos,  Calif., 
said  that  companies  like  Em¬ 
cor  with  annual  revenue  in  the 
range  of  $1  billion  to  $5  billion 
are  tending  to  build  home¬ 
grown  systems. 

After  Brazen  completed  an 
initial  iteration  of  the  Notes 
system  in  September,  Emcor 
recommended  some  nomen¬ 
clature  changes  to  the  data- 


SARB-OX  DOWNLOAD 

For  full  coverage  of  Sarbanes- 
Oxley  compliance  issues  and  IT 
projects,  go  online: 

O  QuickLink  a3250 
www.computerworld.com 


base’s  template  “to  make  it 
more  audit-friendly,”  Corris 
said.  Emcor  also  asked  Brazen 
to  develop  additional  end-user 
screens,  such  as  views  of  ma¬ 
jor  customer  accounts. 

A  second  version  of  the  sys¬ 
tem  was  completed  in  late  No¬ 
vember.  Emcor  expects  the 
upcoming  tests  of  the  controls 
documentation  at  its  operat¬ 
ing  units  to  take  until  Septem¬ 
ber  to  finish,  Corris  said. 

To  comply  with  Sarbanes- 
Oxley,  the  system  needs  to  be 
completed  by  the  time  Em¬ 
cor’s  fiscal  year  closes  on  Dec. 
31.  With  the  site  testing  not 
due  to  be  completed  until  just 
three  months  before  the  dead¬ 
line,  meeting  the  rollout 
schedule  “is  going  to  be  a 
crunch,”  Corris  said.  “But  that 
still  gives  us  some  extra  cush¬ 
ion  for  any  final  revisions  that 
might  be  needed.”  ©  44432 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 

What  Users  Want 


WHAT  DO  USERS  WANT  FROM  IT?  Usually  it’s  not 

that  hard  to  figure  out.  It’s  not  even  unreasonable. 
Sure,  some  live  for  interdepartmental  politics. 
And  some  would  rather  fight  with  IT  people  than 
do  business.  But  most  users  are  more  interested 
in  getting  their  jobs  done  —  efficiently,  effectively  and  with  a  mini¬ 
mum  of  stumbling  over  technology. 

Funny  thing:  That’s  what  you’d  like  for  them,  too.  And  if  you  can 
understand  the  things  they  want,  you  just  might  cut  out  many  of  the 


problems  you  have  when  users  and  IT  collide. 

So  what  do  they  want? 

Users  want  technology  to  just  work.  But  they 
know  it  won’t  always.  When  things  fail,  they 
want  IT  to  recover  quickly.  When  possible,  they 
want  advance  warning.  If  they  can’t  have  that, 
they  want  to  hear  the  bad  news  from  you  before 
they  waste  time  and  effort  pounding  away  on 
systems  that  have  died. 

Users  want  explanations  in  business  terms. 
They  want  to  know  how  much  it  will  cost,  how 
long  it  will  take  and  how  it  changes  what  they 
do.  They  don’t  know  latency  from  legacies 
or  virtualization  from  validation,  and  they 
shouldn’t  need  to.  Keep  trying  to  get  your  ex¬ 
planations  down  to  dollars  and  schedules  and 
business  processes.  If  they  want  the  technology 
jargon  —  and  yes,  some  users  really  do  get  into 
geekspeak  —  they’ll  ask  for  it. 

Users  don’t  want  to  be  told  no.  They  want  to 
be  told  how  much  their  ideas  will  cost,  what  the 
consequences  of  doing  it  their  way  will  be,  and 
what  they’ll  have  to  give  up  to  have  it  their  way. 
That  way,  they  can  decide  for  themselves  that 
their  terrible  idea  really  should  be  deep-sixed. 

Users  want  all  the  bugs  to  be  out  of  your  ap¬ 
plications.  But  they  use  commercial  software 
too,  so  they  know  software  is  buggy. 

If  they  have  to  live  with  bugs,  they 
want  to  know  where  the  land  mines 
are  —  like,  say,  the  help  key  that 
wipes  out  the  last  15  minutes’  worth 
of  data  entry  on  some  screens.  If 
those  land  mines  are  mapped  in 
documentation  and  training,  users 
can  work  around  them  instead 
of  watching  them  blow  up  in 
their  faces. 

Users  want  the  ability  to  recover 
from  mistakes.  That  means  backing 
out  one  step  at  a  time  without  los¬ 
ing  data.  And  rolling  back  transac¬ 


tions  cleanly.  And  stopping  processes  that 
are  in  progress.  Users  know  they’ll  make  mis¬ 
takes.  They  know  it  will  take  time  to  correct 
them.  They  just  don’t  want  an  easy-to-make 
mistake  to  be  catastrophic  —  or  take  forever 
to  reverse  out. 

Users  want  systems  that  get  them  from  the 
beginning  to  the  end  of  a  process  in  the  shortest 
time.  It’s  not  just  about  response  time,  but  the 
total  time  it  takes.  They’ll  wait  10  seconds  for 
data  to  populate  a  screen  if  that  means  they 
don’t  have  to  crawl  through  10  screens  that  take 
two  seconds  each  to  click  through. 

Users  want  security  to  be  invisible.  They 
don’t  want  to  keep  track  of  a  half-dozen  pass¬ 
words,  or  worry  about  viruses  in  e-mail  attach¬ 
ments,  or  have  security  get  in  the  way  of  any¬ 
thing  they  do.  They  want  you  to  stitch  security 
into  your  systems  so  they  don’t  have  to  remem¬ 
ber  to  follow  rules. 

Users  don’t  want  things  to  change.  Their 
habits  make  them  efficient.  They  don’t  like  new 
systems  that  break  those  habits  unnecessarily. 

Users  want  courtesy  from  IT  people.  An  in¬ 
expensive  “please”  or  “thanks”  or  “I’m  sorry” 
buys  a  lot  of  cooperation  from  them.  And  re¬ 
member,  even  the  densest  user  can  detect  sar¬ 
casm  and  irony.  They  want  you  to 
at  least  sound  sincere.  If  you  can 
fake  that,  it  goes  a  long  way. 

Users  want . . .  whatever  they 
want.  You’ll  never  know  what  that 
is  —  or  if  you  can  deliver  it  —  by 
guessing,  assuming  or  abstracting 
from  current  system  usage.  You’ll 
have  to  ask  —  politely,  persistently 
and  keeping  in  mind  that  they 
don’t  like  talking  to  you  any  more 
than  you  like  talking  to  them. 

Because  users  do  know  what 
they  want.  And  when  you  ask,  you 
will  too.  ©  44401 
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Unclear  on  the  Concept 

This  company  moves  its  call  center  to  what  used  to  be 
a  bank,  and  the  fireproof  walk-in  safe  seems  like  the 
ideal  place  to  store  backup  tapes.  But  when  a  fire  guts 
the  place,  IT  pilot  fish  is  stunned  to  discover  the  tapes 
melted  -  and  a  charred  block  of  wood  wedged  in  the 
safe’s  doorway.  “We  ran  out  of  space  for  stationery," 
explains  the  call  center  manager,  “so  we  stored  it  in 
the  safe.  But  some  of  the  girls  had  a  hard  time  open¬ 
ing  the  heavy  safe  door,  so  we  thought  we’d  just 
wedge  it  open.” 


Verified 

IT  security  pilot 
fish  calls  vendor 
with  a  problem 
report  but  is 
stymied  because  he’s 
not  on  the  “verified 
callers”  list.  You  need 
someone  on  the  list  to 
vouch  for  you,  says  ven¬ 
dor  tech,  who  then  reads 
off  some  names.  “I  went 
down  the  hall  to  get  one 
of  these  folks,  who  came 
back  to  the  phone  and 
said  it  ms  OK  to  take 
the  call  from  me,”  says 
fish.  Then  fish  asks  tech 
how  he  knew  fish  didn’t 
just  fake  the  “verified 
caller.  sates  venry 
ing  a  verified  caller  isn’t 
in  their  procedure,”  fish 
says.  “Only  verifying  un¬ 
verified  callers  is.” 


SHARK 

TANK* 


“combing  her 
long,  blonde 
hair  while  us¬ 
ing  the  top  disk 
u  rawer  widoow 


as  a  mirror. 


Working  Around 

Pilot  fish  reports  this 
e-mail  from  a  sysadmin 
to  ail  employees:  “I  no¬ 
ticed  that  the  closet  that 
houses  the  circuit  box 
that  powers  the  outlets 
in  the  server  room  is 
open,  with  a  fan  blowing 
on  the  power  panel.  Giv¬ 
en  that  this  circuit  box 
has  shut  down  twice  in 
the  past  six  weeks,  i 
would  recommend  that 
you  save  your  work  fre¬ 
quently  today.” 


Looking  Good 

It’s  the  1970s,  and  this 
mainframe  pilot  fish 
can't  figure  out  why  the 
removable  disk  drives  in 
one  cabinet  keep  clash¬ 
ing.  “Sons®  of  the  dam¬ 
aged  disk  packs  are  sent 
out  for  analysis,  and  the 
report  points  out  for¬ 
eign-object  contamina¬ 
tion  -  specifically,  hair" 
says  fish.  A  week  iater, 
a  night-shift  technician 
spots  the  likely  cause. 
“One  computer  operator 
was  in  front  of  the 

i  disk  cabi- 


Making  Do 

This  VP  is  brilliant,  but 
extremely  messy,  says  IT 
pilot  fish -“every  inch  of 
her  desk  was  covered  in 
papers  “When  she  corn- 


can  ss 

ing  an  uneven  stack  of 
papers  as  a  mouse  pad. 

>so 


VP  can  use  a  mouse  i 


“She  looted  at  it  for  a 


ports,  “put  the  stack  of 
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Faster  than  the  fastest  gun 
in  the  West  who's  holding 
fast  to  fasting  while  he  fast- 

i  .  ■  I 

forwards  fast  and  furiously. 

That  fast. 


BrightStor®  ARCserve®  Backup  Release  11 

Faster  and  easier  to  use  than  ever. 

When  it  comes  to  data  backup  and  recovery,  you  want  a  reliable,  high-performance  solution  you 
can  count  on.  That's  why  we've  created  BrightStor  ARCserve  Backup  Release  11,  featuring  the 
very  latest  in  storage  innovations.  BrightStor  ARCserve  Backup  is  faster  and  easier  than  ever, 
enhancing  both  efficiency  and  productivity.  And  with  CA's  superior  technology,  you  can  be 
confident  your  files  are  properly  backed  up  and  will  easily  be  restored  should  a  disaster  occur. 
For  more  information,  go  to  ca.com/storage/arcserve. 
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